This week, we've been getting plenty of Viagra spam from one spammer who is using a very large HTML table (180+ 's) with a space in each table data field. The spammer then creates his message (or usually, just a word) by using the bgcolor tag in certain table data fields. An example is provided below (just cut and pasted from the e-mail, sorry for being so offensive).
Detection of such a message is a piece of cake. Any message containing a
Very Large html table (even more than 50 table data fields, or one that is
disproportionately wide could qualify) could trigger such a test, but I have
no idea about how to do a count like that in a regular expression. In fact,
as far as I know, you can't.
Does this mean that there's no meaningful way to test for this in
Spamassassin?
Example table follows:
--
View this message in context:
http://www.nabble.com/Colored-in-table-attack.-tp22705427p22705427.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
