[Mimedefang] Considering an additional spam filter
Dave Helton
dave at kd0yu.com
Sat May 24 21:17:01 EDT 2003
On Sat, 2003-05-24 at 03:46, Michael Sims wrote:
> Quoting Jim McCullars <jim at info.uah.edu>:
>
> > We are getting a lot of spam that SpamAssassin is not catching because it
> > has a high degree of "obfuscated html" and SA catches this only when the
> > spammer uses actual HTML comment tags.
>
> Yeah, I'm seeing this too. I first noticed it when I saw the word "Oprah" in
> some HTML spam. I knew that the mere presence of the word "Oprah" should have
> greatly increased the spam score, but this message had scored very low. When I
> viewed the source I saw what you describe with a letter or two interspersed
> with invalid HTML tags.
Begin: Random thought..
I am seeing a lot of the html obfuscation also. When viewed in a html
enabled MUA you see stuff that should be caught by SA.
My question is, what if a copy of the email was striped of all html tags
and content between the tags and ran through SA again. Or if a not to
complex test determined this email looks funny.. strip it and run it
through the first time. I think this might expose "Oprah" ;)
--Dave Helton
--Real World Computing
More information about the MIMEDefang
mailing list