[Mimedefang] Looking for an example of obfuscated HTML
David F. Skoll
dfs at roaringpenguin.com
Tue Aug 5 17:54:00 EDT 2003
On Tue, 5 Aug 2003, Kevin A. McGrail wrote:
> That's a dastardly piece of spam. Though I think it should be easy to do a
> strip html routine and then parse the email for SpamAssassin.
Stripping out the HTML is easy, but the result is essentially a
transposition cipher of the original "plaintext". That's why it's so
dastardly.
> There could also be a diff comparison added to it to check that the html and
> the plain text are "similar-esque" so that you don't get someone sending
> bogus text/plain and spam text/html mime messages.
I say just bounce anything containing HTML. That drastically reduces
the options available to spammers.
In fact, my MIMEDefang filter *does* bounce any HTML messages unless
one of our e-mail addresses appears in the To: or Cc: line, or comes from
one of the mailing lists I'm on. It's quite effective. It probably does
bounce the odd legitimate mail, but not too often.
Will banning HTML mail catch on? I doubt it. I've had complaints that
the MIMEDefang list bounces HTML, and people trying to post there should
know better. :-(
--
David.
More information about the MIMEDefang
mailing list