HTML e-mail is unspeakably evil (was Re: [Mimedefang] Considering an additional spam filter)
David F. Skoll
dfs at roaringpenguin.com
Mon May 26 11:51:01 EDT 2003
On Mon, 26 May 2003, Joseph Brennan wrote:
> The strategy of checking for obfuscation itself as a spam indicator
> is good.
HTML mail is unspeakably evil, and simple-minded solutions will not
work. Consider:
As seen on Op<noframes>pression is contrary to the To</noframes>rah...
Here, you actually have to understand the semantics of the tags;
just stripping them out will fail.
For an even worse example, first articulated by John Graham-Cumming,
the POPFile author, see http://www.roaringpenguin.com/dastardly.html
(Use "view source" to appreciate the cleverness of that trick. It
uses plain-vanilla HTML to encode the text using a transposition cipher.)
I believe fighting HTML tricks will become a losing battle, just like
keeping up with virus signatures. Just as a lot of people simply
ban all .exe files, I believe in the long run, we'll have to just ban
HTML mail (which will be one of the few happy consequences of spam. :-))
--
David.
More information about the MIMEDefang
mailing list