All, Is it safe to say that no legitimate email would try and hide a URI in the body of a message by using the hex equivalent of the link?
It seems to me that is the case. if so, I would like to write a rule that detects the use of this tactic. Also, is it possible for SA to detect attachments? if so, I don't want to block based on these attachments, however, I would like to build a meta rule that incorporates a message that includes a hex-URI AND has an image attachment... these are the only guys getting throught consistently right now... CT ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk