On Mon, 8 Dec 2003 10:23:25 -0500, Pedro Sam <[EMAIL PROTECTED]> writes:

> > Personally, I think the fundamental problem is HTML. HTML is too
> > powerful of a display language to be filtered, and that's before
> > JavaScript is added into the mix. Just look at the URL above. Almost
> > all of those tricks are directly enabled by HTML.
> > 
> > IMHO, I'd be perfectly happy with a spam filter that bitbucked HTML,
> > and caught all plaintext spam. If someone wants HTML, then they can
> > deal with the collaged spam.
> 
> I keep on thinking, would it not be more convenient to call "lynx -dump" (or 
> equivalent), before using SA to process it?

That doesn't solve the problem of javascript, which is pretty much the
neutron bomb for a collage attack. The choices would be either to
implement a javascript interpreter into a spamchecker, or to
whack-a-mole each decoder as it is invented and used. (Until someone
writes a program to generate javascript decoders.)

I'm not too familiar with CSS, but AFAIK, it too could be used in
collage attacks.

Also, lynx cannot handle tables and frames.

Given this, I think there's no way to win with HTML email. There's
just too many ways to engage in these sorts of attacks. Perhaps just
forcing all spam to be HTML will be enough --- then everyone can
bitbucket HTML email and in ten years we come full circle.

Scott
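
An added example, not part of the original message or of SpamAssassin's code: a filter-side sketch of the "render to text first" idea discussed in this thread, showing what static rendering recovers and where it stops. The sample messages, the keyword list and the names `VisibleText` and `analyze` are constructed for illustration.

```python
from html.parser import HTMLParser

class VisibleText(HTMLParser):
    """Collect the text a static renderer would show; record <script> use."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &#101; etc.
        self.parts = []
        self.skip_depth = 0
        self.has_script = False

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip_depth += 1
            self.has_script |= (tag == "script")

    def handle_endtag(self, tag):
        if tag in self.SKIP and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        if not self.skip_depth:
            self.parts.append(data)
    # handle_comment is left as the default no-op, so comments vanish.

def analyze(html, keywords):
    """Return rendered text, keyword hits, and whether JS could hide more."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    text = " ".join("".join(parser.parts).split()).lower()
    return {"text": text,
            "hits": [k for k in keywords if k in text],
            "needs_js": parser.has_script}

KEYWORDS = ["cheap meds"]  # constructed token list
# Constructed sample: phrase split by a comment, an empty tag and an entity.
COLLAGE = "<p>Buy ch&#101;<!-- x -->ap me<b></b>ds</p>"
# Constructed sample: visible text is assembled at display time by script.
SCRIPTED = '<p>Hello</p><script>document.write(d("opaque"))</script>'

if __name__ == "__main__":
    for sample in (COLLAGE, SCRIPTED):
        print(analyze(sample, KEYWORDS))
```

Static rendering reassembles the markup-split phrase, but for the scripted message it can only report that a script is present, which is the limitation raised above; a filter can score that flag rather than try to interpret the script.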

