] Encoded Email... how?
You could create a filter that looks for these types of links.
If there is NOT a http://x.x.x.x regular expression then it would most
likely be spam.
FWIW, here's how you create them:
To convert an IP to integer:
Note that the % is the standard C arithmetic operator
((2^24
LOL!
Declude doesn't have a filter for that. :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of David Stavert
Sent: Thursday, September 05, 2002 3:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Encoded Email... how?
Mark
Any
This one has me baffled. This email (spam) showed up as what appeared to be
an html formatted message. When I view the raw message it appears as an
encoded attachment making it impossible to filter on any body content.
How are they doing it and how do we stop it?
That's getting to be a more
We are actually finding more more SPAM are coming that way. We are
only catching them when they put interesting words in the subject.
Also what we are finding is they are turning the links and addresses
into binary numbers, therefore making it impossible to detect the links
and trap them...
| To: [EMAIL PROTECTED]
| Subject: Re: [Declude.JunkMail] Encoded Email... how?
|
|
|
| This one has me baffled. This email (spam) showed up as what
| appeared
| to be an html formatted message. When I view the raw message
| it appears
| as an encoded attachment making it impossible
: [Declude.JunkMail] Encoded Email... how?
This one has me baffled. This email (spam) showed up as what appeared to
be
an html formatted message. When I view the raw message it appears as an
encoded attachment making it impossible to filter on any body content.
How are they doing it and how do we
| To: [EMAIL PROTECTED]
| Subject: RE: [Declude.JunkMail] Encoded Email... how?
|
|
| We are actually finding more more SPAM are coming that way.
| We are only catching them when they put interesting words in
| the subject.
|
| Also what we are finding is they are turning the links
I'm not an expert, but it may be that this started as a way to encode
languages containing Unicode into RFC-compliant messages. When I created my
own text kill filters for this it caught some E-mails that looked legitimate
to a business that did foreign correspondance (I didn't decode or
Also what we are finding is they are turning the links and addresses
into binary numbers, therefore making it impossible to detect the links
and trap them... Such as majority of porn-sites. We get links like:
http://0111010101010101010101010101010...
FYI: Scott, or rather Declude, has a