Let me re-iterate again I would like to treat any mail where the source code of the mail is disguising either text or the URL. It is the act of disguising it in code that I think we can use to trap. Just because a URL is in the form of an IP is not a valid reason to mark it as spam.
What I REALLY WOULD LIKE TO ASK IS ABOUT THE CODING OF THE SOURCE CODE IN E-MAILS Can it be trapped? My apologies if I cannot explain it better > > > Well, let us ask the entire list if there are valid reasons > that people would send an IP in a URL. I tested this for 2 > months and didn't have a single legitimate e-mail like this. > We did have people sending IP addresses, but not as a url. > For example: My server IP is 156.23.140.10. Not one case > had someone say " my website is > http://[insert ip here]" > > > > Jason > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Harry Vanderzand > Sent: Friday, March 19, 2004 1:32 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Detecting disguised url's in headers > > > I am not sure if my request here is being understood. > > I would not want to mark all messages with an IP in the url > as spam. Only those messages that use %nnn%nnn%nnn etc. When > you view source of an html message you can see this kind of > coding. As in this case: //205.159.%372.%32%30/mort/ > > We always do a view source and take the url out of the source > and then blacklist that, for those messages that were no > caught by anti-spam at the time. > > I do not know what that process is called and have only ever > seen it in source code of certain spam e-mail > > Harry Vanderzand > inTown Internet & Computer Services > 11 Belmont Ave. W. > Kitchener, ON > N2M 1L2 > 519-741-1222 > Did you know we offer: > - Province wide dial-up and high speed internet access > - Web accessible email with anti-spam\antivirus protection > - Computer hardware sales and service > - Experienced website developers > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Jason > > Sent: Friday, March 19, 2004 1:41 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [Declude.JunkMail] Detecting disguised url's in headers > > > > > > We created an Imail rule to block these. Here is what we use: > > > > (http\://\d\d\.|http\://\d\d\d\.):spambox > > > > > > This seems to work very well. > > > > > > Jason > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Harry > > Vanderzand > > Sent: Friday, March 19, 2004 12:30 PM > > To: [EMAIL PROTECTED] > > Subject: [Declude.JunkMail] Detecting disguised url's in headers > > > > > > IE this url: //205.159.%372.%32%30/mort/ obviously gets translated > > and I could do so also. It would take a lot of extra time. I copy > > the url out of headers of spam that gets through and put it into my > > filter file. These are bothersome however. > > > > Is there a way that we could just mark these kind of mails > as spam? I > > think it would be just spammers that do this. > > > > thanks > > > > Harry Vanderzand > > inTown Internet & Computer Services > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a > > reverse DNS entry. All Internet hosts are required to have > a reverse > > DNS entry. The missing reverse DNS entry will cause your mail to be > > treated as spam on some servers, such as AOL.] > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
