-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Scott A Crosby writes: >On 08 Dec 2003 11:00:22 +0200, [EMAIL PROTECTED] writes: > >> On 06 Dec 2003 17:21:54 -0600, Scott A Crosby <[EMAIL PROTECTED]> >> posted to spamassassin-talk: > >> It would be good to have a rule to match the general pattern. It's >> probably too much work to generate that sort of email by hand so >> chances are you can find a unique pattern if you collect a few >> messages which have this obfuscation. > >Unless there are so many patterns such that its difficult to detect >all of them-- one of the problems in defending against collage attacks >is the moment you workaround one, they can always create another >variant. > >> This has been going around for at least a year; it's reported in the >> Spammers' Compendium <http://www.jgc.org/tsc/> as of Jan 17, 2003 >> (it's the "Slice and Dice" pattern). > >Excellent URL. Thanks. A good test to catch this would be the use of "too many" TD tags; it's pretty simple to spot that way. I don't think we have one yet, though, since this is still a very rare pattern. >> One thing to go by might be the silliness of using HTML to send >> monospaced text. I mean, what's the point of that (unless you actually >> +want+ your ad to be ugly [1])? > >Personally, I think the fundamental problem is HTML. HTML is too >powerful of a display language to be filtered, and thats before >JavaScript is added into the mix. Just look at the URL above. Almost >all of those tricks are directly enabled by HTML. > >IMHO, I'd be perfectly happy with a spam filter that bitbucked HTML, >and caught all plaintext spam. If someone wants HTML, then they can >deal with the collaged spam. Yeah, that's the problem for SpamAssassin -- we have to support a pretty wide range of legit nonspam to cover all users, and some users use a lot of HTML. It's easy enough to bump up the score for MIME_HTML_MOSTLY, MIME_HTML_ONLY and MIME_HTML_ONLY_MULTI, though. - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Exmh CVS iD8DBQE/1NmJQTcbUG5Y7woRAk+4AJ9qLOZWXqzOQzbkPrLqSypWgGeRTgCfegBh vBOwYV21izHbKmslXlanfo8= =Xyxa -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
