Maybe you're not seeing everything that I sent to the list, in which case, let me reprint the body of the message and modify the links so I don't set off the filters:
<html><body>
<center><!--kpz4j815n29--><a href="http://www-dot-wholesale22-dot-com/host/default.asp?ID=omni";><img src="http://discountrate2-dot-com/pics/gv1.gif"; height="270" width="405"></a></center>
</html></body>
Ah, I see now. This can get tricky though -- looking for no visible text at all (just HTML tags) would be easy for spammers to bypass. Checking for the amount of visible text compared to the amount of HTML code seems like a good idea at first, except thanks to Microsoft Word E-mail, that won't work anymore (it has something like 8K of HTML code even for a single sentence).
-Scott
I've asked about this in the past... I'll poke it again just to see if it moves ;-).
A feature that delays incoming mail from unfamiliar (new) source IPs would allow heuristic tests (like Message Sniffer) and rbls time to add coding for the messages before processing them. That is, if the connecting IP is unknown then Declude could park the message in a folder for some amount of time (perhaps a day, a half day? user defined). When the time period is up then Declude would process the message as if it were new and if it passed all the tests it would be put in the spool for normal delivery.
During the waiting period, spamtraps and rbl services all over the planet would pick up the message and add filters and IPs to their systems. By the time the message gets processed the filters are in place and it gets stomped. (Spamtraps and critical addresses would be exempt from the delay of course)
Messages that don't get stomped get their IP added to the "known" list so that legit messages never wait. If a spam slips through the delayed queue and becomes a "known" source then it's still no better off than a spam is now... AND, since a delay is mostly harmless it would be ok to knock an IP out of the "known" list any time an apparent spam comes from that address.
What do you think?
_M
PS: By the way, this is also a great way to give virus scanners time to react to new threats.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
![http://discountrate2-dot-com/pics/gv1.gif"](http://discountrate2-dot-com/pics/gv1.gif"){kind=link}