SP>Unfortunately, that can be difficult to determine. You would need to view SP>the raw source of the E-mail, which many mail clients don't support (you SP>would need to be able to see the MIME headers).
MG>I am using a great 3rd-party Outlook add-on called PocketKnife Peek MG>(http://www.xintercept.com/pkpeek.htm) --which I highly recommend to anyone, MG>by the way--which allows me to view the plain text, html source and full MG>headers of any message (so I can avoid viruses and also see why filtering on MG>words doesn't always work for every message). Assuming I can see MIME MG>headers, what would I look for? Mike, I use Outlook and Exchange as well, so I thought I'd point something out, and also check out your software tip. Outlook will cheerfully show you the decoded version of a BASE64 text attachment, such as when you get a HTML formatted message that is BASE64 encoded, and do a File, Save As you will get the decoded text. PocketPeek will do the same in the Plain Text and the HTML Source tabs. The Internet Header tab, though, will show "Content-Transfer-Encoding: base64" as one of the last lines. I'll include a sanitized header below. I recommend the BASE64 test from the JunkMail manual. However, thanks to John Tolmachoff, I have some recommendations for JunkMail Pro users to counterbalance mail from servers that send BASE64 encoded text for no good reason: #Nov-29-2002 AC Cancel the BASE64 weight when the client was OWA for Exchange 2000 and Enterprise HEADERS -10 CONTAINS Microsoft Exchange V6.0.5762.3 HEADERS -10 CONTAINS Microsoft Exchange V6.0.6249.0 #Jan-21-2003 AC Cancel the BASE64 weight for other products that happen to encode body test as BASE64 HEADERS -10 CONTAINS QuickMail Pro Server for Mac Andrew 8) p.s. Similar to the way you use PocketPeek, I turn off all my rich content rendering in Internet Explorer so as to not trigger web bugs and advertisements in HTML messages. Sample Header from a spam with a BASE64 encoded text attachment: Received: from bestwaytogo.us [4.65.167.214] by mail.bentall.com (SMTPD32-7.13) id A8B47FD00E8; Tue, 29 Jul 2003 06:37:56 -0700 Message-ID: <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: "snip" <snip> Subject: Are you prepared? xhl Date: Tue, 29 Jul 2003 17:40:15 +0900 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPartTM-000-8e9e28a5-514a-484e-ba23-aacca6b633b3" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. This is a multi-part message in MIME format. ------=_NextPartTM-000-8e9e28a5-514a-484e-ba23-aacca6b633b3 Content-Type: multipart/alternative; boundary="----=_NextPart_3A7_4927_C43ED1B6.CFC72D31" ------=_NextPart_3A7_4927_C43ED1B6.CFC72D31 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ------=_NextPart_3A7_4927_C43ED1B6.CFC72D31 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: base64 ------=_NextPart_3A7_4927_C43ED1B6.CFC72D31-- ------=_NextPartTM-000-8e9e28a5-514a-484e-ba23-aacca6b633b3-- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
