>I'm trying to write a rule to catch a certain kind of spam. In these >messages, any or all of the >header may be forged, but in the commercial come-on in the body, they >always include a link to a web >site. These are HTML emails and of course the link is a standard A HREF >tag. My logic is that if I >filter for that URL then it won't matter if the header is forged. But it >doesn't seem to work >reliably. I thought IMail would parse the HTML and find any text that >matched? Couldn't find this in >the archives. Here is part of my rule that failed to stop repeat mailings >from cbphost.net: > >B~(cbphost\.net|mylottomail\.com|free-o-rama\.com):NUL
More and more spammers -- especially the HTML spammers -- are starting to use base64 to encode their spam, which is transparent to you if you are using a standard mail client. If you look at these E-mails on the server, though, you'll see that they look like gibberish (the same way an attachment would look). Because of the encoding, standard filters won't work on the E-mail. We recently added detection of these base64 encoding in text and HTML MIME segments to Declude JunkMail (since there is rarely, if ever, a legitimate reason to use this type of encoding in text or HTML). Also, Message Sniffer ( http://www.sortmonster.com ) is able to open the base64 encoded segments for scanning (although it doesn't let you add your own filters, it can catch most spam on its own that way). -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
