[Mimedefang] new obfuscation
Joseph Brennan
brennan at columbia.edu
Tue Feb 17 14:44:22 EST 2004
--On Tuesday, February 17, 2004 12:31 PM -0500 "Jon R. Kibler"
<Jon.Kibler at aset.com> wrote:
>
> Actually, it's ancient. I have some spam samples (archived somewhere)
> going back to the late 1990s that used HTML comments to accomplish the
> same thing.
Yeah, but the new bit was using not comments, and not bogus tags,
and not no-op real tags, but random URL tags to real web pages.
One effect is that it all could pass HTML validation. Another is
that analyzers like Spamcop will annoy the owners of the URLs that
were randomly inserted.
I've got a test looking for <A HREF=[^>]*></A>, that is with nothing
to click on between the two, and logging its finds. So far it's got
only things that already scored pretty well as spam.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
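
The test described in the message above, as an added example that is not part of the original post or of MIMEDefang: a standalone Perl sketch (Perl being the language MIMEDefang filters are written in) that finds anchors with nothing to click on and logs their targets. The function name `empty_anchors` and the sample bodies are constructed for illustration, and the pattern goes slightly beyond the one quoted by also accepting quoted HREF values, extra attributes, and whitespace or `&nbsp;` between the tags.

```perl
#!/usr/bin/perl
# Added example: standalone, uses no MIMEDefang API.
use strict;
use warnings;

# Return the href of every anchor that has nothing to click on:
# <A HREF=...></A>, in any case, with optional extra attributes and
# only whitespace or &nbsp; between the opening and closing tag.
sub empty_anchors {
    my ($html) = @_;
    my @found;
    while ($html =~ m{<a\b[^>]*?\bhref\s*=\s*("[^"]*"|'[^']*'|[^\s>]*)[^>]*>(?:\s|&nbsp;)*</a\s*>}gi) {
        (my $href = $1) =~ s/^["']|["']$//g;   # strip surrounding quotes
        push @found, $href;
    }
    return @found;
}

# Constructed sample bodies (not real mail).
my %samples = (
    obfuscated => 'Lo<a href="http://www.example.org/"></a>w pri'
                . '<A HREF=http://www.example.net/news></A>ces',
    legitimate => '<p>See <a href="http://www.example.com/">our site</a>.</p>',
);

# Log the finds only, as the post describes; no scoring decision is made here.
for my $name (sort keys %samples) {
    my @hits = empty_anchors($samples{$name});
    printf "%s: %d empty anchor(s)%s\n", $name, scalar @hits,
        @hits ? " -> @hits" : "";
}
```

In this sketch the obfuscated sample reports two empty anchors and the legitimate one reports none, since its anchor encloses visible text.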