[Mimedefang] Looking for an example of obfuscated HTML
Kevin A. McGrail
kmcgrail at pccc.com
Wed Aug 6 10:00:01 EDT 2003
> HTML and especially JavaScript are simply too dangerous, too complicated,
> and too poorly-specified for proper handling by a content filter. Of
course,
> I don't propose giving up -- there's no reason not to go for the
low-hanging
> fruit and the simpleminded tricks used by unsophisticated spammers -- but
> realize that HTML mail is Pure Evil and will be the main method for
sneaking
> past content filters.
You are making wonderful points as I expected but I do think the framework
needs to be started (or enhanced as Joseph Brennan pointed out). That or a
campaign to convince a few major ISPs to ban HTML mail starting a trend that
smaller ISPs can then mimic and point at the big guys and say "they do it".
However, I think you are trying to stay "ahead" of the spammers and this
might simply boil down to a reactive measure only akin to anti-virus
measures. Someone will have to get hit first before we can modify the
framework to decode the next one.
Finally, I think that perhaps a sub-measure of HTML blocking might be more
acceptable to the masses. For example, I am thinking if you need to receive
HTML messages, than modifying HTML messages to remove JavaScript is a smart
move.
For my further thinking, anyone think of a legit use of JavaScript in an
HTML email?
KAM
More information about the MIMEDefang
mailing list