[Mimedefang] Looking for an example of obfuscated HTML

Keith Dowell keith at rogersmfg.com
Wed Aug 6 09:43:01 EDT 2003 

i personally would rather just drop anything with html in it

out of over 100 users in 5 locations I have had only 2 complain that email
cant get through - only in one single case was the email work related - to
which I contacted the vendor and stepped them through zipping their htm
attachment to send to us

at the moment i have sa set at 4 and mimedefang dropping anything (aside
from the default) with htm, html, etc as an attachment and this seems to
work very well

in a little less than a month the combo has caught over 4000 spams and
around 500 suspect attachments (usually exe or pif or bat)

imo, if you're not an isp a standard policy (such as most) should be no
personal email to work accounts - then you can fall back on that when cousin
john or jane's html email doesnt come through telling about the latest
family reunion or forwarding the forward of a forward of a forward... of a
joke thats been roaming the internet for 10 years

you'll get a few complaints at first if they arent used to this - just take
a few minutes and set them up with a free web mail account and they'll be
happy (usually they already have one - in which case i commonly get 'I
didn't know i could access it from work') - to me if they're doing personal
email all day they're not going to be getting their job done and their
supervisor will take care of that, either directing me to block traffic for
that one user, or just getting rid of them - either way - not really my
concern

----- Original Message -----
From: "Kevin A. McGrail" <kmcgrail at pccc.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Wednesday, August 06, 2003 7:59 AM
Subject: Re: [Mimedefang] Looking for an example of obfuscated HTML


> David,
>
> All good points.  However, in defense of the idea, I was posting more of a
> starting point to render the HTML into plain text.  Obviously there needs
to
> be something added for MonoSpace and Font Size=0 and white on white at the
> very worst.
>
> Unfortunately, I don't think the majority of customers/users are going to
> allow the getting rid of HTML emails.  Hell, I can hardly stop people from
> using that darn hotbar that adds graphics to emails for people
> automatically.
>
> Anyway, I think an HTML to Plaintext rendering engine for SpamAssassin
prior
> to running tests might be a good idea for finding spam. It might also be
> useful for MimeDefang especially on the multipart MIME type spams.  I
think
> comparing the plain text to the html "plaintext" would be an interesting
> test.
>
> Perhaps someone out there wants to help and we can run it through a few
> spam/ham corpuses and see if would be a good test to add?
>
> KAM
>
> > No, that was correct, but if you strip out the HTML from
"dastardly.html",
> > you end up with this:
> >
> > Tedhxiiassmg puilises iaon fgd aahs itssap ramdmelmsyes ra g e .
> >
> > How are you going to filter that?
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list