Theoretically, there should never be a @ symbol in the URL unless it contains authentication. I can't think of that happening too often.
The problem is searching for http://%@% where % is the wildcard. I don't think this is possible with the current filters. Scott? Maybe just placing a weight test to search for @ or %40 would help, but as _M just pointed out there are some that will be trapped.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Madscientist
> Sent: Thursday, December 19, 2002 1:18 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Hex Code URL's...
>
>
> We've done some research on this and experimented with some
> rules. More rule templates are coming, but as it turns out -
> filtering this is harder than you might expect - depending
> upon your system's requirements. Many supposedly legitimate
> mail/news systems encode large segments of URLs or even
> entire URLs after some processing root in order to track user
> activity. Many of our first attempts to filter based on this
> kind of encoding have since been rejected due to false
> positive requests.
>
> One such rule even blocked messages from the IMail list due
> to an encoded %40 in the tag line.
>
> One trick that seems to reduce the false positive rate is to
> define the root of the URL carefully and to ensure that the
> pattern match is at the root of the URL... so, for example,
> look for the href=" or href= at the top of the URL to avoid
> the kind of legitimate encoding that might come later.
>
> Hope this helps,
> _M
>
> PS: We do have a number of rules coding for patterns like this
> and they are very successful - not as successful as we
> thought they would be, but still pretty good!
>
> Pete McNeil (Madscientist)
> President, MicroNeil Research Corporation
> Chief SortMonster (www.sortmonster.com)
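The anchoring idea from the quoted message, as an added Python example that is not part of the thread and is not Declude or SortMonster rule code: it tests for `@` or `%40` only in the host part that directly follows `href=` / `href="`, and compares that with an unanchored test. The function names and the sample message bodies are constructed for illustration.

```python
import re

# Anchor at the root of the URL: href= or href=" followed by http(s)://,
# then capture only the authority (everything before the first / ? #,
# closing quote, whitespace or >).
HREF_AUTHORITY = re.compile(
    r'''href\s*=\s*["']?https?://([^/?#"'\s>]*)''', re.IGNORECASE)
USERINFO_MARK = re.compile(r'@|%40', re.IGNORECASE)


def suspicious_hrefs(body):
    """Return the authority of every href URL that carries '@' or '%40'."""
    hits = []
    for match in HREF_AUTHORITY.finditer(body):
        authority = match.group(1)
        if USERINFO_MARK.search(authority):
            hits.append(authority)
    return hits


def naive_match(body):
    """Unanchored test: '@' or '%40' anywhere in any http(s) URL."""
    return bool(re.search(r'https?://\S*(?:@|%40)', body, re.IGNORECASE))


# Constructed sample bodies (reserved example domains and addresses).
DISGUISED = '<a href="http://www.bank.example@203.0.113.7/login">Log in</a>'
DISGUISED_ENC = '<a href=http://www.bank.example%40203.0.113.7/x>Log in</a>'
TRACKING = '<a href="http://news.example/t?u=user%40example.org">Read</a>'
TAGLINE = 'Archives: http://lists.example/?m=list%40example.org'

if __name__ == "__main__":
    for name, body in [("disguised", DISGUISED),
                       ("disguised, encoded", DISGUISED_ENC),
                       ("tracking link", TRACKING),
                       ("plain-text tag line", TAGLINE)]:
        print(f"{name:22} naive={naive_match(body)!s:5} "
              f"anchored={suspicious_hrefs(body)}")
```

The unanchored test fires on all four bodies, including the tracking link and the tag line; the anchored test fires only on the two URLs whose host part contains the marker.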
