On 06/25/2014 03:07 AM, Philip Prindeville wrote:
I’ve been seeing spam with <A HREF=“#” …> such as:
<A href="#" philipp 2014-06-25
01:20:00;F1B9215E-B1D0-40BC-92D1-F13D501596B7;F1B9215E-B1D0-40BC-92D1-F13D501596B7;F1B9215E-B1D0-40BC-92D1-F13D501596B7;F1B9215E-B1D0-40BC-92D1-F13D501596B7;F1B9215E-B1D0-40BC-92D1-F13D501596B7;F1B9215E-B1D0-40BC-92D1-F13D501596B7><SPAN
style="VISIBILITY: hidden"></SPAN></A>
and the style=“VISIBILITY: hidden” is also dubious (why would normal mail have
hidden text???).
Lots of legitmate bulk mail uses this for tracking purposes
Anyone have rules to catch these they could point me at? Or any empirical
evidence about how successful they’ve been with such?
Wouldn't use this for a rule unless you meta it with lots of other traits
the rawbody /href\=\"#\"/ plus other traits could be combined.
Can you pastebin a sample ?