On Wed, Mar 18, 2009 at 05:55, Dennis Peterson <denni...@inetnw.com> wrote: > Moray Henderson (ICT) wrote: >>> From: Török Edwin [mailto:edwinto...@gmail.com] >>>>> Try using <a href="..."> for the URL. >>>>> >>>> Is that a requirement? If so we should get the spammers on board because >>> some of >>>> them may not know this :). >>> No, there are more places from where URLs can be extracted, but "<a >>> href" is one that must work. >> >> With modern email clients "helpfully" presenting text that looks like a URL >> as a real URL at the client end, SafeBrowsing really ought to check the >> plain text, not just within html tags. http://pastebin.com/m13232c54 may be >> just plain text when transmitted and scanned, but it's an "<a href>" by the >> time I read it: underlined, blue, and turns my cursor to a pointy finger >> with a pop-up box saying "Click to follow link". > > I don't imagine the world's premier spammers are sitting at their laptop in > their shorts sending out thousands of spams with Thunderbird. There are > purpose > built products for this and can format the mail any way they wish. >
Whether or not they're sending using Thunderbird isn't relevant. What's relevant is whether or not they know that the receiving mail clients will try to turn plain text URL's into clickable links. I'm pretty sure that, no matter what sending tool they're using, they're aware of this feature of modern mail clients. And I'm also very sure, from having seen it in the wild, that they exploit it. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
