[Mimedefang] Looking for an example of obfuscated HTML

David F. Skoll dfs at roaringpenguin.com
Tue Aug 5 17:54:00 EDT 2003


On Tue, 5 Aug 2003, Kevin A. McGrail wrote:

> That's a dastardly piece of spam.  Though I think it should be easy to do a
> strip html routine and then parse the email for SpamAssassin.

Stripping out the HTML is easy, but the result is essentially a
transposition cipher of the original "plaintext".  That's why it's so
dastardly.

> There could also be a diff comparison added to it to check that the html and
> the plain text are "similar-esque" so that you don't get someone sending
> bogus text/plain and spam text/html mime messages.

I say just bounce anything containing HTML.  That drastically reduces
the options available to spammers.

In fact, my MIMEDefang filter *does* bounce any HTML messages unless
one of our e-mail addresses appears in the To: or Cc: line, or comes from
one of the mailing lists I'm on.  It's quite effective.  It probably does
bounce the odd legitimate mail, but not too often.

Will banning HTML mail catch on?  I doubt it.  I've had complaints that
the MIMEDefang list bounces HTML, and people trying to post there should
know better. :-(

--
David.



More information about the MIMEDefang mailing list