Hi,

On Wed, Aug 23, 2023 at 06:14:45PM -0700, John Hardin wrote:
> On Wed, 23 Aug 2023, Andy Smith wrote:
> > On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote:
> > > # test for empty src="" or empty href=""
> > > rawbody __HREF_EMPTY /href=\"\"/
> > > rawbody __SRC_EMPTY /src=\"\"/
> > 
> > I checked this against about 80k of my recent personal emails and it
> > matched quite a lot of previously not found spam, but did also match
> > on every auto response from one of my suppliers. It seems after
> > every customer service interaction they send a "how did we do? fill
> > in this survey" email from qualtrics.com which contains:
> > 
> >    <v:fill type="tile" src="" color="#FFFFFF"/>
> > 
> > It wouldn't be much of a loss, but it's not spam either.
> 
> How did they perform individually?

The only non-spam that matched for me was the above, with src="".
Everything with href="" was spam.

There was some overlap — some spam had both — but some spam had only
href="" and some spam had only src="".

I'm sure KAM has a much bigger corpus to do automated tests on…

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply via email to