Jeremy Fairbrass wrote: > Hi Eric, > The text there is encoded with base64, which is decoded into the "proper" > text by the mail client. SpamAssassin will also decode it before running its > rules against it, for "body" or "rawbody" rules, which means SpamAssassin > will be able to filter it out whether the text was encoded with base64 or > was sent as plain text. > > Without being able to decode that block of stuff myself and thus see what it > says, I'd suggest firstly making sure you're using the URIBL/SURBL network > checks (in case this spam had any web links in it), and also use the SARE > stock rules at http://www.rulesemporium.com/rules.htm#stocks (you might find > the other rules on that page useful in general too). > > Cheers, > Jeremy
That's helpful, thank you. Running the message thru SA by hand, it comes up with a score of 30+. > "Eric W. Bates" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > >>I don't even understand how the following message works (let alone how >>to block it). >> >>It simply has a chunk of what looks like encoded binary; and yet, >>thunderbird renders it as a stock announcement (as I write this, I >>wonder whether the good readers of this list are likely to the ascii >>block, or the rendered version? view source for me please). The >>header: "Content-Transfer-Encoding: base64" should probably give me a >>clue. >> >>How do we filter out spam like this? This got 0 hits. >> >>Thanks for your time. >> >>[snip] >>X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on >>ace1.vineyard.net >>X-Spam-Level: >>X-Spam-Status: No, hits=0.0 required=5.0 tests=EMPTY_MESSAGE=, >>FM_NO_FROM_OR_TO=,FM_NO_TO=,MISSING_SUBJECT=,NO_RECEIVED=,TO_CC_NONE= >>bayes=0.5 autolearn=failed version=3.1.0 >> >>[snip] >> >>From: "Roxie F. Hankins" <[EMAIL PROTECTED]> >>To: [EMAIL PROTECTED], [EMAIL PROTECTED] >>Subject: Focus Stock Alert >>Date: Sat, 11 Mar 2006 23:33:30 +0000 >>MIME-Version: 1.0 >>Content-Type: text/plain >>Content-Transfer-Encoding: base64 >>X-Virus-Scanned: by AMaViS-ace1 at Vineyard.NET >> >>SW4gdGhlIGN1cnJlbnQgb2lsIG1hcmtldCwgc2VsZWN0IHNtYWxsIGVuZXJn >>eSBkZWFscyBhcmUgZmx5aW5nLiAgDQpXaXRoIGdyb3dpbmcgZGVtYW5kLCBz >>aHJpbmtpbmcgc3VwcGxpZXMsIGFuZCBnb3Zlcm5tZW50IHN1cHBvcnQgDQpm >>b3IgZG9tZXN0aWMgZW5lcmd5IHByb2plY3RzLCBpcyB0aGVyZSBhIGJldHRl >>ciBzZWN0b3IgdG8gaW52ZXN0IGluPyANCkhlcmUncyBvdXIgbmV4dCB3aW5u >>ZXI6DQoNCkNvOiBQcmVtaXVtIFBldHJvfF9ldW0gSW5jLg0KU3ltOiBQIFAg >>VCB8XyAgDQpDdXJyZW50bHkgVHJhZGluZyBhdDogJDAuMDIgICAgDQoxIFdl >>ZWtfVGFyZ2V0X1ByaWNlOiAgJDAuMTANCg0KQSBNYXNzaXZlIFBSIENhbXBh >>aWduIGlzIFVuZGVyd2F5IGZvciBGcmlkYXkgaW50byBuZXh0IHdlZWshIQ0K >>U3RhcnRpbmcgYXQgb25seSAyIGNlbnRzIHRoZSBHYWlucyB3aWxsIGJlIHRy >>ZW1lbmRvdXMhIQ0KDQpIVUdFIG5ld3MgY29taW5nIG91dCBmb3IgUCBQIFQg >>fF8uIERpZCB0aGV5IHN0cmlrZSBvaWw/DQpQbGVhc2UgcmVhZCBhbGwgdGhl >>IGxhdGVzdCBQcmVzcyBSZWxlYXNlcyBvbiB0aGUgY29tcGFueS4NCldlIGFk >>dmlzZSBvdXIgcmVhZGVycyB0byBnZXQgaW4gZWFybHkhIFRoaXMgb25lIGlz >>IGdvaW5nIHVwIGZhc3QhDQoNClByZW1pdW0gUGV0cm9sZXVtLCBJbmMuIGlz >>IGEgZGl2ZXJzaWZpZWQgZW5lcmd5IGNvbXBhbnkgZm9jdXNlZCBvbiANCmV4 >>cGxvaXRpbmcgdGhlIHZhc3Qgb2lsIGFuZCBnYXMgcmVzZXJ2ZXMgb2YgTm9y >>dGhlcm4gQ2FuYWRhLiBXaXRoIGEgDQpzdHJvbmcgbWFuYWdlbWVudCBhbmQg >>dGVjaG5pY2FsIHRlYW0sIFByZW1pdW0gUGV0cm9sZXVtIHdpbGwgYXBwbHkg >>DQppbm5vdmF0aXZlIHRlY2hub2xvZ2llcyB0b3dhcmRzIHRoZSBkaXNjb3Zl >>cnkgYW5kIGRldmVsb3BtZW50IG9mIGEgDQpkaXZlcnNlIHBvcnRmb2xpbyBv >>ZiBoaWdoIHZhbHVlLCBsb3cgcmlzayBlbmVyZ3kgcHJvamVjdHMuICANCiAg >>ICAgICAgICAgICANCiAgICAgICAgICAqIEdPT0QgTFVDSyAmIFRSQURFIE9V >>VCBUSEUgVE9QICo= >> >> >> > > > > >
