As mail admins we really need to learn to take time to read our mail for
intent. <grin>. I don't know the answer to Harry's question so I wasn't
paying attention to the thread. When I scanned back through it I realized
that everyone is telling him how to block things he doesn't WANT to block.

Let's see if I can explain his intent better then someone else can hop back
in with an answer.

He does NOT want to block messages with IP addresses in the subject.

He DOES want to block (or score higher) messages that have ENCODED subjects
(or possibly, according to his last message -- even encoded strings in the
body).

It doesn't matter if the string is "192.168.42.234" or "Mom's apple pie
recipe" -- if it's encoded using "%" hacks he wants to score it as spam.

Personally, I'd restrict that to the Subject: header. I know of NO
legitimate reason to use such hacks in a message subject. But, a lot of
programs that "Send Link As Email" will leave the "%" hacks for
non-displaying characters like spaces in the link they drop into the body
of the message -- and cut/paste from the address bar of a browser to a
message body will generally do the same.

So, to reiterate.

How does one score a message as spam if there is HTML encoding in the
Subject: header -- while ignoring HTML encoding elsewhere in the message?

Gerald

On Fri, 19 Mar 2004 15:39:20 -0500 Harry Vanderzand <[EMAIL PROTECTED]> wrote:

> 
> Let me re-iterate again
> 
> I would like to treat any mail where the source code of the mail is
> disguising either text or the URL.  It is the act of disguising it in code
> that I think we can use to trap.  Just because a URL is in the form of an IP
> is not a valid reason to mark it as spam.
> 
> What I REALLY WOULD LIKE TO ASK IS ABOUT THE CODING OF THE SOURCE CODE IN
> E-MAILS
> 
> Can it be trapped?
> 
> My apologies if I cannot explain it better
> 
> 
> 
> 
> > 
> > 
> > Well, let us ask the entire list if there are valid reasons 
> > that people would send an IP in a URL.  I tested this for 2 
> > months and didn't have a single legitimate e-mail like this.  
> > We did have people sending IP addresses, but not as a url.  
> > For example:  My server IP is 156.23.140.10.  Not one case 
> > had someone say " my website is
> > http://[insert ip here]"     
> > 
> > 
> > 
> > Jason
> > 
> > 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> > Harry Vanderzand
> > Sent: Friday, March 19, 2004 1:32 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.JunkMail] Detecting disguised url's in headers
> > 
> > 
> > I am not sure if my request here is being understood.
> > 
> > I would not want to mark all messages with an IP in the url 
> > as spam. Only those messages that use %nnn%nnn%nnn etc.  When 
> > you view source of an html message you can see this kind of 
> > coding. As in this case: //205.159.%372.%32%30/mort/
> > 
> > We always do a view source and take the url out of the source 
> > and then blacklist that, for those messages that were no 
> > caught by anti-spam at the time.
> > 
> > I do not know what that process is called and have only ever 
> > seen it in source code of certain spam e-mail
> > 
> > Harry Vanderzand 
> > inTown Internet & Computer Services 
> > 11 Belmont Ave. W.
> > Kitchener, ON
> > N2M 1L2
> > 519-741-1222
> > Did you know we offer: 
> > - Province wide dial-up and high speed internet access 
> > - Web accessible email with anti-spam\antivirus protection
> > - Computer hardware sales and service
> > - Experienced website developers 
> > 
> > 
> > 
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Jason
> > > Sent: Friday, March 19, 2004 1:41 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [Declude.JunkMail] Detecting disguised url's in headers
> > > 
> > > 
> > > We created an Imail rule to block these. Here is what we use:
> > > 
> > > (http\://\d\d\.|http\://\d\d\d\.):spambox
> > > 
> > > 
> > > This seems to work very well.
> > > 
> > > 
> > > Jason
> > > 
> > > 
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Harry 
> > > Vanderzand
> > > Sent: Friday, March 19, 2004 12:30 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [Declude.JunkMail] Detecting disguised url's in headers
> > > 
> > > 
> > > IE this url: //205.159.%372.%32%30/mort/  obviously gets translated 
> > > and I could do so also.  It would take a lot of extra time.  I copy 
> > > the url out of headers of spam that gets through and put it into my 
> > > filter file. These are bothersome however.
> > > 
> > > Is there a way that we could just mark these kind of mails as spam?  I
> > > think it would be just spammers that do this.
> > > 
> > > thanks
> > > 
> > > Harry Vanderzand
> > > inTown Internet & Computer Services

-- 
Gerald V. Livingston II

Configure your Email to send TEXT ONLY -- See the following page:
http://expita.com/nomime.html
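
An added example, not part of the original message and not Declude configuration: a Python sketch of the check asked about above, scoring a message when its Subject: header contains "%" escapes (URL percent-encoding) while never reading the body. The function names, the weight of 10 and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header
from urllib.parse import unquote

# "%" followed by two hex digits, e.g. %20 or %37.
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

def find_escapes(text):
    """Return (escapes found, text with the escapes translated)."""
    return PCT_ESCAPE.findall(text), unquote(text)

def decoded_subject(raw_message):
    """Subject header only, with RFC 2047 encoded-words unwrapped so an
    escape hidden inside =?charset?Q?...?= is still seen."""
    msg = message_from_string(raw_message)
    parts = []
    for chunk, charset in decode_header(msg.get("Subject", "")):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                chunk = chunk.decode("latin-1")
        parts.append(chunk)
    return "".join(parts)

def subject_score(raw_message, weight=10):
    """Score the message on its Subject alone; the body is never read.
    weight is a made-up value, not a Declude setting."""
    escapes, _ = find_escapes(decoded_subject(raw_message))
    return weight if escapes else 0

# Constructed sample messages (not taken from the thread).
SPAM = "From: a@example.com\nSubject: Re%3A low %72ates\n\nhello\n"
WRAPPED = "From: a@example.com\nSubject: =?utf-8?Q?Cheap_%6D%65%64%73?=\n\nhi\n"
LINK_IN_BODY = ("From: b@example.com\nSubject: Link you asked for\n\n"
                "http://example.com/my%20file.html\n")
PLAIN_PERCENT = "From: c@example.com\nSubject: Save 50% today\n\nsale\n"

if __name__ == "__main__":
    for name, raw in [("SPAM", SPAM), ("WRAPPED", WRAPPED),
                      ("LINK_IN_BODY", LINK_IN_BODY),
                      ("PLAIN_PERCENT", PLAIN_PERCENT)]:
        print(name, subject_score(raw), repr(decoded_subject(raw)))
```

`find_escapes` also works on a string copied out of message source, so it shows what a disguised URL such as the one quoted in the thread translates to without decoding it by hand.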

