[Mimedefang] Re: HTML e-mail is unspeakably evil (was Re: [Mimedefang] Considering an additional spam filter)

Joseph Brennan brennan at columbia.edu
Tue May 27 09:15:01 EDT 2003


David Skoll noted,
> HTML mail is unspeakably evil, and simple-minded solutions will not
> work.  Consider:
>
> As seen on Op<noframes>pression is contrary to the To</noframes>rah...


And I tend to agree.  This is like the early days of spam header
forgery a few years back, when it was easy to reject mail for
stupid errors.  Remember the one that had timezone "-0700 EST"?

This junk will be done better and better.

Reject all html mail?  Maybe.  It has its proponents although
personally I could live happily without it.

The purpose of the obfuscation seems to be the same as pointless
base64 encoding: to foil very simple checks for words in text.
But SA routinely strips tags before matching.  Ironically it is
the obfuscation itself that calls out this stuff as spammy.  Some
of it doesn't score all that high otherwise.

Anyway the essential point is to put tags inside words with
no spaces around them.  Thus

   As seen on Op<noframes>pression

is more suspicious than

   As seen on Op <noframes> pression

But spaces look small in many fonts, and if putting them in
makes the spam pass, they'll do it before long.  Spamware has
a natural cycle.  We hardly see "To: friend at public.com" any more.


Joseph Brennan          Columbia University in the City of New York
postmaster at columbia.edu                 Academic Technologies Group






More information about the MIMEDefang mailing list