"Keith C. Ivey" wrote: > One fairly easily detectable spam sign is the almost-white text > (used to hide the irrelevant words), like this:
> > <font face="Arial"><font color="#FFFFF2">argumentation scabby > > writhe</font> > That should have triggered HTML_FONT_INVISIBLE, but I think > that test has some bugs. It certainly has a bug on my systems... I very carefully go into the Netscape display options and set the default background colour to grey instead of white. <g> It's easier on the eyes. > Another thing that we should be checking for is stuff like > this: > > <A href="http://ewtajsland.b&# > > 105;z/rmp6651/">Visit_to_begin_your > > _order</A> I got annoyed enough at a run of these reported by customers that I set up a block of rules for these, and then a set of meta rules that increase the score fairly significantly the more such character codes are found- 0.1 for 1 or more, +0.7 for 4 or more, +1.7 for 10 or more, +2.5 for 15 or more. Along with the other rules that usually match in such messages, this is enough to push a message over the default threshold of 5. The way I see it, any message using more than one or two such encoded characters is almost certainly spam... ;) > There's a test for something similar, SPAM_FORM_ACTION, but it > needs to be expanded to test for HREFs as well, as for URLs > that are only partially HTML-escaped. In 2.55 and 2.60 it's zeroed out in the default ruleset. <g> Along with three other SPAM_FORM* rules. I used rawbody in the rules I based my cumulative meta rules on. -kgd -- <erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is. ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
