HTML e-mail is unspeakably evil (was Re: [Mimedefang] Considering an additional spam filter)

David F. Skoll dfs at roaringpenguin.com
Mon May 26 11:51:01 EDT 2003


On Mon, 26 May 2003, Joseph Brennan wrote:

> The strategy of checking for obfuscation itself as a spam indicator
> is good.

HTML mail is unspeakably evil, and simple-minded solutions will not
work.  Consider:

As seen on Op<noframes>pression is contrary to the To</noframes>rah...

Here, you actually have to understand the semantics of the tags;
just stripping them out will fail.

For an even worse example, first articulated by John Graham-Cumming,
the POPFile author, see http://www.roaringpenguin.com/dastardly.html
(Use "view source" to appreciate the cleverness of that trick.  It
uses plain-vanilla HTML to encode the text using a transposition cipher.)

I believe fighting HTML tricks will become a losing battle, just like
keeping up with virus signatures.  Just as a lot of people simply
ban all .exe files, I believe in the long run, we'll have to just ban
HTML mail (which will be one of the few happy consequences of spam. :-))

--
David.



More information about the MIMEDefang mailing list