Hi, On Wed, Aug 23, 2023 at 06:14:45PM -0700, John Hardin wrote: > On Wed, 23 Aug 2023, Andy Smith wrote: > > On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote: > > > # test for empty src="" or empty href="" > > > rawbody __HREF_EMPTY /href=\"\"/ > > > rawbody __SRC_EMPTY /src=\"\"/ > > > > I checked this against about 80k of my recent personal emails and it > > matched quite a lot of previously not found spam, but did also match > > on every auto response from one of my suppliers. It seems after > > every customer service interaction they send a "how did we do? fill > > in this survey" email from qualtrics.com which contains: > > > > <v:fill type="tile" src="" color="#FFFFFF"/> > > > > It wouldn't be much of a loss, but it's not spam either. > > How did they perform individually?
The only non-spam that matched for me was the above, with src="". Everything with href="" was spam. There was some overlap — some spam had both — but some spam had only href="" and some spam had only src="". I'm sure KAM has a much bigger corpus to do automated tests on… Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting