On Sat, 12 Sep 2020, Loren Wilton wrote:
>> It's properly formed. Compare the plaintext part to the HTML part, note
>> that the base64 block is QP'd base64, and note that there's some more QP
>> spam pitch text after the base64 block.
>
> Ah. I completely missed the division boundary a third of the way thru, or for
> that matter the pdf attachment at the end.
>
> I fairly commonly see plaintext versions that include some of the hidden or
> small-font obfuscation from the HTML part. My assumption is there is some
> tool that generates the plaintext from the spam-built HTML and does a
> suboptimal rendering job. I'm guessing this isn't generally a problem since I
> think most mail programs suppress the plaintext part when there is an HTML
> part present.

It's a problem for SA because enough embedded "invisible" text can push
the suspicious text out of the "body" buffer, thus hiding it from rules.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Are you a mildly tech-literate politico horrified by the level of
ignorance demonstrated by lawmakers gearing up to regulate online
technology they don't even begin to grasp? Cool. Now you have a
tiny glimpse into a day in the life of a gun owner. -- Sean Davis
-----------------------------------------------------------------------
Today: the 337th anniversary of the Muslim Ottoman defeat at Vienna
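
The effect described in the last reply, as an added example that is not part of the original thread and is not SpamAssassin code: render an HTML part twice, once naively and once keeping only reader-visible text, then check whether the pitch phrase survives truncation to a fixed-size body buffer. `BODY_LIMIT`, the hidden-style patterns and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics for styles that hide text from a human reader.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"font-size\s*:\s*[01](px|pt)?\s*(;|$)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}
BODY_LIMIT = 200  # hypothetical cap on scanned body text, for illustration only

class Splitter(HTMLParser):
    """Collect all text, and separately only the text a reader would see."""
    def __init__(self):
        super().__init__()
        self.hidden = []  # one flag per open element: hidden itself or via ancestor
        self.all, self.visible = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            style = dict(attrs).get("style") or ""
            inherited = bool(self.hidden and self.hidden[-1])
            self.hidden.append(inherited or bool(HIDDEN.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.hidden:
            self.hidden.pop()

    def handle_data(self, data):
        self.all.append(data)
        if not (self.hidden and self.hidden[-1]):
            self.visible.append(data)

def render(html):
    """Return (naive rendering, visible-only rendering), whitespace-normalised."""
    p = Splitter()
    p.feed(html)
    p.close()
    return " ".join(" ".join(p.all).split()), " ".join(" ".join(p.visible).split())

def hidden_ratio(html):
    """Fraction of rendered characters a reader would never see."""
    everything, visible = render(html)
    return 1 - len(visible) / len(everything) if everything else 0.0

def in_buffer(text, phrase, limit=BODY_LIMIT):
    """True if `phrase` survives truncating `text` to `limit` characters."""
    return phrase in text[:limit]

# Constructed sample: a short greeting, hidden filler, then the pitch.
SAMPLE = ("<html><body><p>Hello</p><div style=\"display:none\">"
          + "lorem ipsum filler " * 40 + "</div><p>Claim your prize now</p></body></html>")
```

A high `hidden_ratio` is itself a usable signal, independent of whether any phrase rule fires on the truncated text.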