You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jeff Chan <je...@surbl.org> on 2004/09/17 06:41:18 UTC
URI obfuscation check
SpamCop got fooled by this URI obfuscation, so I wrote them about
it. Would someone please feed it through SA to see if it handles
it correctly:
__ CUT HERE __
Return-Path: <tt...@sbcglobal.net>
Received: from 66.170.1.10 ([221.139.191.210])
by smtp1.supranet.net (8.12.10/8.12.10) with SMTP id i8H3Esqa012117;
Thu, 16 Sep 2004 22:14:57 -0500 (CDT)
Received: from excite.com (excite.com [99.96.101.86])
by excite.com (Postfix) with ESMTP id 055113140
for <MU...@MUNGED.MUNGED>; Fri, 17 Sep 2004 07:15:03 +0300
Message-ID: <2....@excite.com>
X-Sender: seclude@excite.com
X-Mailer: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529 _2
Date: Fri, 17 Sep 2004 06:10:03 +0200
To: <MU...@MUNGED.MUNGED>
From: "Gaines, Sherman" <tt...@sbcglobal.net>
Subject: Why does one little pill cost so much?
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--1661109222109204323"
X-UIDL: hb>"!m\6!!88A"!ZC&#!
----1661109222109204323
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
<html><p>
Hi, how are you doing today? Tired of paying so much to stay healthy? Cautions of purchasing meds on the web? We carry a wide variety of products with no need for a prescri ption. We have a simple to use site with no long forms to fill out. Our site is located at the link below:
<br>
http://www.tappet.sadsdcvf.c<input type="hidden" value="">om</p>
</html>
----1661109222109204323--
__ CUT HERE __
My mail client, The Bat! displayed the URI correctly, but did not
make it clickable.
TIA,
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: URI obfuscation check
Posted by Ryan Thompson <ry...@sasknow.com>.
Jeff Chan wrote to SpamAssassin Users:
> Update on the previous, interestingly the HTML renderer in The Bat!
> 1.62q did not make the link clickable, but the plaintext message
> renderer did.
That's because the HTML did not actually contain a link (anchor); just
the plaintext URI. Many plaintext renderers will, however, link anything
that looks like a URI.
- Ryan
--
Ryan Thompson <ry...@sasknow.com>
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
Re: URI obfuscation check
Posted by Jeff Chan <je...@surbl.org>.
Update on the previous, interestingly the HTML renderer in The
Bat! 1.62q did not make the link clickable, but the plaintext
message renderer did.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: URI obfuscation check
Posted by Daniel Quinlan <qu...@pathname.com>.
Jeff Chan <je...@surbl.org> writes:
> SpamCop got fooled by this URI obfuscation, so I wrote them about
> it. Would someone please feed it through SA to see if it handles
> it correctly:
It doesn't matter because the message had a score of 19. In 2.64, it
had a score of 11.
With network tests, the score was 27 including URIBL_SBL,
URIBL_SC_SURBL, and URIBL_WS_SURBL. In 2.64, the score was 15.
That must burn.
Daniel
--
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/ http://www.apachecon.com/ sessions & more)