Matt Kettler a écrit :
> At 08:09 PM 1/6/2006, Craig McLean wrote:
>
>> The attached message was nailed to the tune of 3.7 points by
>> FUZZY_MORTGAGE. Unfortunately it's a legit opt-in mailing, and appears
>> to have triggered the rule because a URL containing the word "mortgage"
>> got split across lines 269/270 (correct me if I'm wrong).
>>
>> Is this expected behaviour? It seems a little.... extreme?
>
>
>
> I don't think that will cause FUZZY_MORTGAGE to hit. FUZZY_MORTGAGE is a
> body rule. All newlines are removed prior to running body rules.
>
> Also, all HTML is removed, so if the url is part of an <a> tag, then the
> rule would never see it.
>
> Finaly, you posted your sample as inline text, instead of as an
> attachment. Somewhere along the line, either your MUA or mine
> reformmated the contents. There are no instances of a split-up
> "mortgage" anywhere in the message as received by me.
>
> Any chance you can do that again as an attachment instead of an inline
> text?
>
>
didn't check long, but it has:
Content-Type: message/rfc822;
name="spam.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="spam.eml"
which seems to me like an attachment (now there are so many inclusion
level that I'm not sure I get that right. but thunderbird gets it ok)
The reported message contains html "code" in its text/plain part, with
no encoding. so some URLs are wrapped and result in splitting the
suspicious word. an example with another word:
<http://www.homes-on-line.com/default.asp?http://www.met-office.gov.uk/weath
er/europe/uk/ukforecast.html>
So they use multipart/alternate, but still include the html part in the
plain part...
sounds like another ratware in the jungle?
