Re: TEXTAREA style="visibility: hidden"
[EMAIL PROTECTED] wrote: s/Scripting/CSS :hover/ is perfectly reasonable, though: http://www.meyerweb.com/eric/css/edge/menus/demo.html (doesn't work in IE 6, but works fine in Firefox, Safari, IE 7b2pr...) D'oh! I blame the coffee. There wasn't enough of it when I wrote my last post. On the other hand, to apply :hover rules, you need an actual stylesheet and a way to select the element(s) you're showing. You could still apply the visibility/display rules inline, but you might as well just put them in the stylesheet. That said, I'm probably guilty of using inline styles for this sort of thing myself -- just not in email. -- Kelson Vibber SpeedGate Communications
Re: TEXTAREA style="visibility: hidden"
On Thu, Apr 13, 2006 at 09:45:13AM -0700, Kelson wrote: > Nope. No legit uses in email that I can think of. Just because you can't think of a use doesn't mean people don't use them. I see a lot of: pgpJo5l3EnQsH.pgp Description: PGP signature
RE: TEXTAREA style="visibility: hidden"
Kelson wrote: > (3) Scripting that will show and hide sections in response to time or > user interaction. ... > #3 shouldn't even be a consideration, since HTML-capable email clients > should have scripting disabled for safety reasons. s/Scripting/CSS :hover/ is perfectly reasonable, though: http://www.meyerweb.com/eric/css/edge/menus/demo.html (doesn't work in IE 6, but works fine in Firefox, Safari, IE 7b2pr...) -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
Re: TEXTAREA style="visibility: hidden"
Matthias Keller wrote: In my opinion you shouldn't limit it to textareas as I've seen them on DIVs and others too... So to me, any visibility:hidden or display:none is suspect as I dont see any legitimate use in emails Hmm... The main uses I can think of for display:none and visibility:hidden are: (1) Serving the same content to different media (for instance, set a page so that the navigation area doesn't appear when you print it) (2) Replacing content (as in CSS techniques to replace text with graphical headlines) (3) Scripting that will show and hide sections in response to time or user interaction. (4) Creating machine-readable content that the user will not see. (keyword stuffing, bayes poison, black-hat SEO, honeypot seeding, etc.) #1 isn't a good fit with email, since the main things you'd want to leave out of a print version are more likely to be in the mail client UI than part of the message body. Though it might be useful for providing a handheld-friendly view. Even so, it wouldn't work with inline styles, only with an attached or embedded stylesheet. #2 is pretty much useless in email. If you want a text alternative, you're better off providing a text/plain version of the message. #3 shouldn't even be a consideration, since HTML-capable email clients should have scripting disabled for safety reasons. #4 is mostly deceptive. If you need to provide metadata in an HTML doc, well, that's what META tags are for. If you need to provide metadata in an email message, you've got headers, you can add an XML attachment, etc. Nope. No legit uses in email that I can think of. -- Kelson Vibber SpeedGate Communications
Re: TEXTAREA style="visibility: hidden"
Matt Kettler wrote:
Matthias Keller wrote:
Matt Kettler wrote:
Magnus Holmgren wrote:
I see a fair amount of spam using to hide bayes poison. Shouldn't a rule against that, or
CSS-hidden text in general, be worthwile? I couldn't find any in the
default 3.1.1 ruleset, nor at SARE.
It certainly seems worth testing.
Here's a rule I wrote (caution: word-wraps.. this should be 3 lines
long):
rawbody L_STYLE_HIDDEN /]{0,50}style\s?=\s?"\s?visibility:\s?hidden\s?"[^>]{0,50}>/i
describe L_STYLE_HIDDEN has text with hidden visibility style
score L_STYLE_HIDDEN 0.1
I added some allowance for other declarations in the textarea tag, and
the
insertion of whitespace at various spots...
It may need further tweaking/tuning, but it's a first-stab.
Hi Matt
I'm using this rule for quite some time now:
rawbody MKE_HIDDEN1
/<[^>]*\bstyle=[^>]*(?:visibility:\s*hidden|display:\s*none)/i
describeMKE_HIDDEN1 Contains CSS-hidden text
score MKE_HIDDEN1 3.5
That seems to be a nicer rule. My only concern would be that <[^>]* could be
rather slow. I'd change the * to a range-limit, to prevent SA from digging
through the entire body of a message that happens to be text/plain and starts
off with a < and has no > anywhere in it.
Good idea
Thanks for pointing that out
Maybe a meta rule with IS_HTML or how that's called again might be a
good idea too
Let me know your mass check results then
Matt
Re: TEXTAREA style="visibility: hidden"
Matthias Keller wrote:
> Matt Kettler wrote:
>> Magnus Holmgren wrote:
>>
>>> I see a fair amount of spam using to hide bayes poison. Shouldn't a rule against that, or
>>> CSS-hidden text in general, be worthwile? I couldn't find any in the
>>> default 3.1.1 ruleset, nor at SARE.
>>>
>>
>> It certainly seems worth testing.
>>
>> Here's a rule I wrote (caution: word-wraps.. this should be 3 lines
>> long):
>>
>> rawbody L_STYLE_HIDDEN /> [^>]{0,50}style\s?=\s?"\s?visibility:\s?hidden\s?"[^>]{0,50}>/i
>> describe L_STYLE_HIDDEN has text with hidden visibility style
>> score L_STYLE_HIDDEN 0.1
>>
>> I added some allowance for other declarations in the textarea tag, and
>> the
>> insertion of whitespace at various spots...
>>
>> It may need further tweaking/tuning, but it's a first-stab.
>>
> Hi Matt
>
> I'm using this rule for quite some time now:
>
> rawbody MKE_HIDDEN1
> /<[^>]*\bstyle=[^>]*(?:visibility:\s*hidden|display:\s*none)/i
> describeMKE_HIDDEN1 Contains CSS-hidden text
> score MKE_HIDDEN1 3.5
>
That seems to be a nicer rule. My only concern would be that <[^>]* could be
rather slow. I'd change the * to a range-limit, to prevent SA from digging
through the entire body of a message that happens to be text/plain and starts
off with a < and has no > anywhere in it.
Re: TEXTAREA style="visibility: hidden"
On Thu, Apr 13, 2006 at 03:58:01PM +0200, Magnus Holmgren wrote: > I see a fair amount of spam using to > hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in > general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor > at SARE. Not specific to textarea, just looking for an html tag with that style setting: 0.878 0.9903 0.33190.749 0.001.00 TVD_VIS_HIDDEN Specifically just looking for textarea: 0.821 0.9903 0.1.000 1.001.00 TVD_VIS_HIDDEN I added the second one to my sandbox. We'll see how the nightly mass-checks deal with it. :) Thanks! :) -- Randomly Generated Tagline: "Do not meddle in the affairs of wizards, for they are subtle and quick to anger."- Lord of the Rings pgpQ8Oyqqmvgy.pgp Description: PGP signature
Re: TEXTAREA style="visibility: hidden"
Matt Kettler wrote:
Magnus Holmgren wrote:
I see a fair amount of spam using to
hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in
general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor
at SARE.
It certainly seems worth testing.
Here's a rule I wrote (caution: word-wraps.. this should be 3 lines long):
rawbody L_STYLE_HIDDEN /]{0,50}style\s?=\s?"\s?visibility:\s?hidden\s?"[^>]{0,50}>/i
describe L_STYLE_HIDDEN has text with hidden visibility style
score L_STYLE_HIDDEN 0.1
I added some allowance for other declarations in the textarea tag, and the
insertion of whitespace at various spots...
It may need further tweaking/tuning, but it's a first-stab.
Hi Matt
I'm using this rule for quite some time now:
rawbody MKE_HIDDEN1
/<[^>]*\bstyle=[^>]*(?:visibility:\s*hidden|display:\s*none)/i
describeMKE_HIDDEN1 Contains CSS-hidden text
score MKE_HIDDEN1 3.5
In my opinion you shouldn't limit it to textareas as I've seen them on
DIVs and others too...
So to me, any visibility:hidden or display:none is suspect as I dont see
any legitimate use in emails
In my spams, this rule matches around 4% of all spams, I haven't seen
any ham matches yet
Feel free to mass check it and/or include it into your coding rules. But
if you do please inform me that I can remove my local copy then.
Matt
Re: TEXTAREA style="visibility: hidden"
Bowie Bailey wrote: > JD Smith wrote: >> So, what exactly is bayes poison? > > "Bayes poison" is a collection of random words or text selections that > have nothing to do with the email subject and are only there in an > attempt to confuse the Bayes database. This doesn't really work the > way the spammers would like to think it does, but they keep doing it > anyway. How well bayes poison works depends a lot on your "bayes" implementation. Some "bayes" implementations are fairly susceptible to this. (I put "bayes" in quotes because not all bayes implementations are really Bayesian at all. Actually, most are not, including SA.) In particular, the choice of combining algorithm seems to matter a lot. The use of chi-squared combining, instead of true Bayesian combining, seems to make SA's bayes rather resistant to this. (note: the use of chi-squared is not exclusive to SA.. many "bayes" implementations do this, but not all.) Another area of influence is the choice of tokens. Words vs chars, hapaxes, etc all change how a bayes implementation reacts to poisoning attempts. So spammers keep using bayes poison because it works in some cases. It also doesn't really hurt them much, and sometimes even helps them, against more resistant implementations.
RE: TEXTAREA style="visibility: hidden"
JD Smith wrote: > > So, what exactly is bayes poison? "Bayes poison" is a collection of random words or text selections that have nothing to do with the email subject and are only there in an attempt to confuse the Bayes database. This doesn't really work the way the spammers would like to think it does, but they keep doing it anyway. -- Bowie
RE: TEXTAREA style="visibility: hidden"
So, what exactly is bayes poison? Best regards, JD Smith -Original Message- From: Magnus Holmgren [mailto:[EMAIL PROTECTED] Sent: Thursday, April 13, 2006 8:58 AM To: users@spamassassin.apache.org Subject: TEXTAREA style="visibility: hidden" I see a fair amount of spam using to hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor at SARE. -- Magnus Holmgren
Re: TEXTAREA style="visibility: hidden"
Magnus Holmgren wrote:
> I see a fair amount of spam using to
> hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in
> general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor
> at SARE.
It certainly seems worth testing.
Here's a rule I wrote (caution: word-wraps.. this should be 3 lines long):
rawbody L_STYLE_HIDDEN /]{0,50}style\s?=\s?"\s?visibility:\s?hidden\s?"[^>]{0,50}>/i
describe L_STYLE_HIDDEN has text with hidden visibility style
score L_STYLE_HIDDEN 0.1
I added some allowance for other declarations in the textarea tag, and the
insertion of whitespace at various spots...
It may need further tweaking/tuning, but it's a first-stab.
TEXTAREA style="visibility: hidden"
I see a fair amount of spam using to hide bayes poison. Shouldn't a rule against that, or CSS-hidden text in general, be worthwile? I couldn't find any in the default 3.1.1 ruleset, nor at SARE. -- Magnus Holmgren pgpVmoewWW2XX.pgp Description: PGP signature
