You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Steven Manross <sm...@Insight.com> on 2004/02/20 17:00:55 UTC
RE: [Dshield] Incredible spam obfuscation (from MIMEDefang maillist)
Isnt the answer really to catch the unclickable link...
Namely,
/<A HREF.*><\/A>/
As suggested in the link he gave?
Granted I havent tried this as a regex and it probably has holes, but It
doesn't seem normal to have a link that doesn't give the option to click
it.
:)
Steven
-----Original Message-----
From: Chris Santerre [mailto:csanterre@MerchantsOverseas.com]
Sent: Friday, February 20, 2004 7:26 AM
To: 'John Hardin'; SpamAssassin list
Subject: RE: [Dshield] Incredible spam obfuscation (from MIMEDefang
maillist)
> -----Original Message-----
> From: John Hardin [mailto:johnh@aproposretail.com]
> Sent: Thursday, February 19, 2004 3:58 PM
> To: SpamAssassin list
> Subject: Re: [Dshield] Incredible spam obfuscation (from MIMEDefang
> maillist)
>
>
> On Thu, 2004-02-19 at 10:26, Jon R. Kibler wrote:
>
> >
> http://lists.roaringpenguin.com/pipermail/mimedefang/2004-Febr
> uary/020188.html
> >
> http://lists.roaringpenguin.com/pipermail/mimedefang/2004-Febr
> uary/020203.html
>
> Any rules to catch this trick?
>
> --
> John Hardin KA7OHZ
I saw this as a direct attempt to foil Bigevil and similar URL marking
rules. Like Bayes poison (fodder) they are trying to mess up automated
scripts from harvesting the correct URLs to blacklist. But I do these by
hand, so I only pull out the legit URLs from these spam.
So Short answers is I've not seen a rule for this. But I do have the
legit URLs in my Bigevil for the ones I do get.
Chris Santerre
System Admin and SA Custom Rules Emporium keeper
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin