Thus spake Barry Wainwright <[EMAIL PROTECTED]>, circa 1/5/2003 2:06 PM:
> There are some rules that do work in spite of the spammers changing emails
> all the time. Most effective of all my spam rules is the one that looks for
> five consecutive spaces in the subject line.
I have a similar test in a rule that FLAGS spam but does not delete it. That
one's a little too general for me to risk losing a real message.
Lately I've been seeing spam that passes through all my criteria and has an
odd characteristic: looking at the source, you see that the body of the
message is Base 64 encoded HTML! Apparently, Entourage decodes the Base 64
and displays it. So I have devised a new rule with the following three
tests. If all three are met, the message is flagged. (Once I'm happy with
the results, I'll change the rule to delete the messages unseen.)
1. Attachment does not exist.
2. Any header contains "text/html"
3. Any header contains "base64"
I am assuming that no legitimate message will ever contain Base 64 encoded
HTML (why should it?) and that any legitimate Base 64 would be in an
attachment (so in theory I could do away with test #2).
For these reasons, I do not believe Entourage should decode Base 64 unless
the message is (a) marked as multipart and (b) the encoded item is sent as
an attachment with a name (e.g. image002.jpg). Can this behavior be changed
in a future SR?
peter
--
To unsubscribe:
<mailto:[EMAIL PROTECTED]>
archives:
<http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/>
old-archive:
<http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
