I was surprised to get an email with a list of drugs that scored relatively little on SA. Apparently, the spammer cleverly divided all the words into pairs of letters and placed each pair in the proper table cell just so that it all appears right (all the drug names next to their prices).
I also run all the network checks, but 24 hours ago when that message arrived, the URL it referred to (inspectioflig.com) was only listed in one place (URIBL_WS_SURBL). I checked it now and it appears in others as well. It also scored from Razor2 but all in all it penetrated my SA well below my threshold. It would be very difficult to write rules that would detect spam disguised like this in an HTML table. Any comment?

--
Ilan Aisic
Registered Linux User 8124
http://counter.li.org
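
An added example, not part of the original message and not a SpamAssassin rule or plugin: one way to analyse the layout described above is to join the text of the cells in each table row before matching keywords, and to measure how many cells hold two characters or fewer. The names RowJoiner, analyse, SAMPLE and WATCHLIST are illustrative, and the sample HTML and keyword list are constructed.

```python
from html.parser import HTMLParser

class RowJoiner(HTMLParser):
    """Collect the text of every table cell, grouped by table row."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rows = []     # one list of cell strings per row
        self._cell = None  # text pieces of the open cell, or None

    def _flush(self):
        if self._cell is not None:
            self.rows[-1].append("".join(self._cell).strip())
            self._cell = None

    def handle_starttag(self, tag, attrs):
        if tag in ("tr", "td", "th"):
            self._flush()  # tolerate a missing </td> in sloppy HTML
        if tag == "tr" or (tag in ("td", "th") and not self.rows):
            self.rows.append([])
        if tag in ("td", "th"):
            self._cell = []

    def handle_endtag(self, tag):
        if tag in ("td", "th", "tr", "table"):
            self._flush()

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

def analyse(html, watchlist):
    """Return (share of cells with <= 2 chars, watchlist terms visible only
    after joining a row's cells, joined row texts)."""
    parser = RowJoiner()
    parser.feed(html)
    parser.close()
    parser._flush()
    cells = [c.lower() for row in parser.rows for c in row if c]
    ratio = sum(len(c) <= 2 for c in cells) / len(cells) if cells else 0.0
    joined = ["".join(row).lower() for row in parser.rows]
    hits = sorted(w for w in watchlist
                  if any(w in line for line in joined)
                  and not any(w in c for c in cells))
    return ratio, hits, joined

# Constructed sample input, not taken from the message discussed above.
SAMPLE = ("<table>"
          "<tr><td>Vi</td><td>ag</td><td>ra</td><td> $</td><td>1.</td><td>50</td></tr>"
          "<tr><td>Ci</td><td>al</td><td>is</td><td> $</td><td>2.</td><td>75</td></tr>"
          "</table>")
WATCHLIST = ("viagra", "cialis")  # constructed keyword list

if __name__ == "__main__":
    print(analyse(SAMPLE, WATCHLIST))
```

A high short-cell share combined with terms that only appear after joining is the signal; either one alone also occurs in ordinary tables.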