RE: [Declude.JunkMail] Cryptic URL in source

2005-11-11 Thread Dave Beckstrom
David,

Could I suggest that you consider adding something along those lines or
perhaps adding support for regular expressions?

It would make the filters much more flexible and powerful.  Sometimes
spammers will vary only 1 or 2 characters in a URL and this would enable us
to block their variations with one line in the filter.



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of David Franco-Rocha [ Declude ]
 Sent: Friday, November 11, 2005 10:46 AM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] Cryptic URL in source
 
 Dave,
 
 There currently is no pattern matching in Declude filters.
 
 David Franco-Rocha
 Declude Technical / Engineering
 
 - Original Message -
 From: Dave Beckstrom [EMAIL PROTECTED]
 To: Declude.JunkMail@declude.com
 Sent: Thursday, November 10, 2005 6:03 PM
 Subject: RE: [Declude.JunkMail] Cryptic URL in source
 
 
  Scott,
 
  Doesn't Declude support a wild card character for single character
  matching
  in filters?  EG, let's say an * is a wild card.
 
  STOPATFIRSTHIT
  BODY 0 contains .google.*/url?q
  BODY 0 contains .google.**/url?q
  BODY 0 contains .google.***/url?q
 
 
  The above would then accomplish the same thing as the entire filter
 below.
 

Re: [Declude.JunkMail] Cryptic URL in source

2005-11-11 Thread Bill Landry

Take a look at SpamAssassin or the SA plug-in for Declude.

Bill

Re: [Declude.JunkMail] Cryptic URL in source

2005-11-11 Thread Darin Cox
I believe when this was broached last year, Scott P. stated regexp
parsing consumes too much CPU for Declude.

However, we added a regexp filter very easily using the built-in command
line regexp parsing in Windows, thanks to Sandy pointing it out.

It doesn't have all of the functionality in Declude's filters since it's an
all or nothing weight, but has worked well for us.

Darin.



Re: [Declude.JunkMail] Cryptic URL in source

2005-11-11 Thread Darrell \([EMAIL PROTECTED])
We also have a free reg-ex plug-in for Declude at our site, invRegex
(http://www.invariantsystems.com). As said below, be careful, because regex
processing can get expensive depending on the regex.


Darrell

Check out http://www.invariantsystems.com for utilities for Declude And 
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG 
Integration, and Log Parsers. 



Darin Cox writes: 


I believe when this was broached last year, I believe Scott P. stated regexp
parsing consume too much CPU for Declude. 


However, we added a regexp filter very easily using the built-in command
line regexp parsing in Windows, thanks to Sandy pointing it out. 


It doesn't have all of the functionality in Decludes filters since it's an
all or nothing weight, but has worked well for us. 

Darin. 




Re: [Declude.JunkMail] Cryptic URL in source

2005-11-11 Thread Matt




Dave,

The issue here is that not only would the entire filtering mechanism
need to be rewritten, but also the entire parsing mechanism. Right now
Declude does minimal parsing of messages, and for instance, filters
will do plain text matching on both encoded base64 as well as the
unencoded base64. They would need to fully deMIME the message and
parse each individual segment according to the appropriate headers
(keeping in mind that messages can appear within messages, that can
appear within other messages and so on). Not only is base64 code a
problem, but also quoted printable encoding, and then there are the
obfuscation techniques that use URL and HTML encoding, but if you
decode, you also want the encoded stuff available to filtering since
the patterns there can be much stronger than when decoded.

I think that it is reasonable to say that this is all very desirable,
but there is no quick fix that can be expected.

Matt
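
The point made in the message above, as an added example (not code from Declude or from anyone in this thread): the same two patterns are run over each text part as transmitted, after transfer decoding, and after HTML-entity and percent decoding, and each view catches something the others miss. The regular expressions, function names and sample messages are constructed for illustration, and Python's standard email package stands in for the de-MIME step.

```python
import base64
import re
from email import message_from_bytes
from html import unescape
from urllib.parse import unquote

# One pattern for ".google.<tld>/url?q" and ".google.<sld>.<tld>/url?q",
# standing in for one "BODY 0 contains" line per country domain.
REDIRECT_RE = re.compile(r"\.google\.(?:[a-z]{2,3}\.)?[a-z]{2,3}/url\?q", re.I)
# Percent-escapes inside the host part of a URL (before the first / ? or #).
# This signal only exists before percent-decoding.
ESCAPED_HOST_RE = re.compile(r"https?://[^/?#\s\"'<>]*%[0-9a-f]{2}", re.I)
RULES = {"google_redirect": REDIRECT_RE, "escaped_host": ESCAPED_HOST_RE}


def normalize(text: str) -> str:
    """Undo HTML entities and percent-escapes, then drop whitespace and
    control characters (for example a %09 tab placed inside a host name)."""
    return re.sub(r"[\x00-\x20]", "", unquote(unescape(text)))


def views(msg):
    """Yield (view_name, text) for every text/* part. walk() also descends
    into multipart containers and attached message/rfc822 messages."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "latin-1"
        body = part.get_payload(decode=True)  # base64 / quoted-printable undone
        try:
            decoded = body.decode(charset, "replace")
        except LookupError:  # unknown charset label in the header
            decoded = body.decode("latin-1")
        yield "transmitted", part.get_payload(decode=False)
        yield "decoded", decoded
        yield "normalized", normalize(decoded)


def scan(raw_message: bytes) -> dict:
    """Return {rule_name: [views in which the rule matched]}."""
    hits = {}
    for view, text in views(message_from_bytes(raw_message)):
        for rule, pattern in RULES.items():
            if pattern.search(text) and view not in hits.setdefault(rule, []):
                hits[rule].append(view)
    return hits


def sample(cte: str, body: str) -> bytes:
    """Build a constructed single-part HTML message with the given encoding."""
    head = ("MIME-Version: 1.0\nContent-Type: text/html; charset=us-ascii\n"
            f"Content-Transfer-Encoding: {cte}\n\n")
    return (head + body).encode("ascii")


# Constructed samples; example.test is a placeholder destination.
LINK = ('<a href="http://www.google.com.au/url?q=http://%65%78ample.test/r">'
        'http://example.test/</a>\n')
B64_MSG = sample("base64", base64.encodebytes(LINK.encode()).decode())
# Quoted-printable soft line break ("=" at end of line) splits the host name.
QP_MSG = sample("quoted-printable",
                '<a href=3D"http://www.google.co=\n'
                '.uk/url?q=3Dhttp://%65%78ample.test/r">http://example.test/</a>\n')
# HTML entities hide the "." and "?" from a plain substring match.
ENTITY_MSG = sample("7bit",
                    '<a href="http://www.google&#46;de/url&#63;q='
                    'http://example.test/r">http://example.test/</a>\n')

if __name__ == "__main__":
    for name, raw in (("base64", B64_MSG), ("quoted-printable", QP_MSG),
                      ("html-entities", ENTITY_MSG)):
        print(name, scan(raw))
```
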




RE: [Declude.JunkMail] Cryptic URL in source

2005-11-10 Thread Harry Vanderzand
Yes that would work.

However I want a method that traps all mail that uses this deceptive
practice.

Is there no way to detect this trick?

Harry Vanderzand 
inTown Internet  Computer Services 
11 Belmont Ave. W., Kitchener, ON,N2M 1L2
519-741-1222

 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Dave 
 Beckstrom
 Sent: Wednesday, November 09, 2005 5:28 PM
 To: Declude.JunkMail@declude.com
 Subject: RE: [Declude.JunkMail] Cryptic URL in source
 
 No problem.  
 
 
 BODY 500 contains google.com/url?q=
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- 
  [EMAIL PROTECTED] On Behalf Of Glenn \ WCNet
  Sent: Wednesday, November 09, 2005 4:20 PM
  To: Declude.JunkMail@declude.com
  Subject: Re: [Declude.JunkMail] Cryptic URL in source
  
  I've been getting reports of that from customers all day.
  
  G.Z.
  
  
  - Original Message -
  From: Harry Vanderzand [EMAIL PROTECTED]
  To: Declude.JunkMail@declude.com
  Sent: Wednesday, November 09, 2005 4:05 PM
  Subject: RE: [Declude.JunkMail] Cryptic URL in source
  
  
  Certainly
  
  Here is what you see in the e-mail
  
  http://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0
  
  Here is what is in the source:
  
  
  href=http://www.google.com/url?q=http://www.google.com/url?q=http://%73%54%
  41%09Nd%09%7aA.n%09e%74/%63%67i-b%09%69n%09/%70%6fch/%72e%09di%72.%63g%69?s=
  intown.nethttp://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0/
  a
  
  Not that different from some of the phishing e-mails
  
  This has got to be detectable and should be cause for 
 immediate deletion.
  
  Who has legitimate cause to hide their identity?
  
  Harry Vanderzand
  inTown Internet  Computer Services
  11 Belmont Ave. W., Kitchener, ON,N2M 1L2
  519-741-1222
  
  
  
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] On Behalf Of Scott 
   Fisher
   Sent: Wednesday, November 09, 2005 4:40 PM
   To: Declude.JunkMail@declude.com
   Subject: Re: [Declude.JunkMail] Cryptic URL in source
  
   Do you have an example?
  
   - Original Message -
   From: Harry Vanderzand [EMAIL PROTECTED]
   To: Declude.JunkMail@declude.com
   Sent: Wednesday, November 09, 2005 10:18 AM
   Subject: RE: [Declude.JunkMail] Cryptic URL in source
  
  
Any ideas on this?
   
When the URL is hidden with cryptic characters in the 
 source code 
of an e-mail it seems to me that it is obviously not a 
 legitimate 
e-mail in that deception is being used.
   
Is there not an easy way to stop e-mail where these 
 practises are 
being used?
   
I am running imail 8.21 and declude 3.05.18, the 
 latest sniffer 
and Invuribl
   
Assistance is appreciated
   
Thank you
   
Harry Vanderzand
inTown Internet  Computer Services
11 Belmont Ave. W., Kitchener, ON,N2M 1L2
519-741-1222
   
   
   
   
---
This E-mail came from the Declude.JunkMail mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and 
type unsubscribe Declude.JunkMail.  The archives can 
 be found 
at http://www.mail-archive.com.
   
   
   
   
  ---
  [This E-mail scanned for viruses by Declude Virus]
 
 


Re: [Declude.JunkMail] Cryptic URL in source

2005-11-10 Thread Scott Fisher
I ran across this in one of my unused filters folders. Some great Declude 
user (not me) posted it in August.

So the google redirect has been abused for months.

STOPATFIRSTHIT

BODY 0 contains .google.com/url?q
BODY 0 contains .google.as/url?q
BODY 0 contains .google.com.ar/url?q
BODY 0 contains .google.com.au/url?q
BODY 0 contains .google.at/url?q
BODY 0 contains .google.az/url?q
BODY 0 contains .google.by/url?q
BODY 0 contains .google.be/url?q
BODY 0 contains .google.com.br/url?q
BODY 0 contains .google.vg/url?q
BODY 0 contains .google.bi/url?q
BODY 0 contains .google.ca/url?q
BODY 0 contains .google.td/url?q
BODY 0 contains .google.cl/url?q
BODY 0 contains .google.com.co/url?q
BODY 0 contains .google.co.cr/url?q
BODY 0 contains .google.ci/url?q
BODY 0 contains .google.com.cu/url?q
BODY 0 contains .google.cd/url?q
BODY 0 contains .google.dk/url?q
BODY 0 contains .google.dj/url?q
BODY 0 contains .google.com.do/url?q
BODY 0 contains .google.com.ec/url?q
BODY 0 contains .google.com.sv/url?q
BODY 0 contains .google.ee/url?q
BODY 0 contains .google.com.fj/url?q
BODY 0 contains .google.fi/url?q
BODY 0 contains .google.fr/url?q
BODY 0 contains .google.gm/url?q
BODY 0 contains .google.ge/url?q
BODY 0 contains .google.de/url?q
BODY 0 contains .google.com.gi/url?q
BODY 0 contains .google.com.gr/url?q
BODY 0 contains .google.gl/url?q
BODY 0 contains .google.gg/url?q
BODY 0 contains .google.hn/url?q
BODY 0 contains .google.com.hk/url?q
BODY 0 contains .google.co.hu/url?q
BODY 0 contains .google.co.in/url?q
BODY 0 contains .google.ie/url?q
BODY 0 contains .google.co.il/url?q
BODY 0 contains .google.it/url?q
BODY 0 contains .google.co.jp/url?q
BODY 0 contains .google.je/url?q
BODY 0 contains .google.kz/url?q
BODY 0 contains .google.lv/url?q
BODY 0 contains .google.co.ls/url?q
BODY 0 contains .google.com.ly/url?q
BODY 0 contains .google.li/url?q
BODY 0 contains .google.lt/url?q
BODY 0 contains .google.lu/url?q
BODY 0 contains .google.mw/url?q
BODY 0 contains .google.com.my/url?q
BODY 0 contains .google.com.mt/url?q
BODY 0 contains .google.mu/url?q
BODY 0 contains .google.com.mx/url?q
BODY 0 contains .google.fm/url?q
BODY 0 contains .google.ms/url?q
BODY 0 contains .google.com.na/url?q
BODY 0 contains .google.com.np/url?q
BODY 0 contains .google.nl/url?q
BODY 0 contains .google.co.nz/url?q
BODY 0 contains .google.com.ni/url?q
BODY 0 contains .google.com.nf/url?q
BODY 0 contains .google.com.pk/url?q
BODY 0 contains .google.com.pa/url?q
BODY 0 contains .google.com.py/url?q
BODY 0 contains .google.com.pe/url?q
BODY 0 contains .google.com.ph/url?q
BODY 0 contains .google.pn/url?q
BODY 0 contains .google.pl/url?q
BODY 0 contains .google.pt/url?q
BODY 0 contains .google.com.pr/url?q
BODY 0 contains .google.cg/url?q
BODY 0 contains .google.ro/url?q
BODY 0 contains .google.ru/url?q
BODY 0 contains .google.rw/url?q
BODY 0 contains .google.sh/url?q
BODY 0 contains .google.com.vc/url?q
BODY 0 contains .google.sm/url?q
BODY 0 contains .google.co.yu/url?q
BODY 0 contains .google.com.sg/url?q
BODY 0 contains .google.sk/url?q
BODY 0 contains .google.co.kr/url?q
BODY 0 contains .google.es/url?q
BODY 0 contains .google.se/url?q
BODY 0 contains .google.ch/url?q
BODY 0 contains .google.com.tw/url?q
BODY 0 contains .google.co.th/url?q
BODY 0 contains .google.tt/url?q
BODY 0 contains .google.com.tr/url?q
BODY 0 contains .google.com.ua/url?q
BODY 0 contains .google.ae/url?q
BODY 0 contains .google.co.uk/url?q
BODY 0 contains .google.com.uy/url?q
BODY 0 contains .google.uz/url?q
BODY 0 contains .google.co.ve/url?q
BODY 0 contains .google.com.vn/url?q

- Original Message - 
From: Harry Vanderzand [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Wednesday, November 09, 2005 4:05 PM
Subject: RE: [Declude.JunkMail] Cryptic URL in source



Certainly

Here is what you see in the e-mail

http://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0

Here is what is in the source:

href=http://www.google.com/url?q=http://www.google.com/url?q=http://%73%54%
41%09Nd%09%7aA.n%09e%74/%63%67i-b%09%69n%09/%70%6fch/%72e%09di%72.%63g%69?s=
intown.nethttp://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0/
a

Not that different from some of the phishing e-mails

This has got to be detectable and should be cause for immediate deletion.

Who has legitimate cause to hide their identity?

Harry Vanderzand
inTown Internet  Computer Services
11 Belmont Ave. W., Kitchener, ON,N2M 1L2
519-741-1222




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Wednesday, November 09, 2005 4:40 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Cryptic URL in source

Do you have an example?

- Original Message -
From: Harry Vanderzand [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, November 09, 2005 10:18 AM
Subject: RE: [Declude.JunkMail] Cryptic URL in source


 Any ideas on this?

 When the URL is hidden with cryptic characters in the source

RE: [Declude.JunkMail] Cryptic URL in source

2005-11-10 Thread Dave Beckstrom
Scott,

Doesn't Declude support a wild card character for single character matching
in filters?  EG, let's say an * is a wild card.

STOPATFIRSTHIT
BODY 0 contains .google.*/url?q
BODY 0 contains .google.**/url?q
BODY 0 contains .google.***/url?q


The above would then accomplish the same thing as the entire filter below.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Scott Fisher
 Sent: Thursday, November 10, 2005 4:38 PM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] Cryptic URL in source
 
 I ran across this in one of my unused filters folders. Some great Declude
 user (not me) posted it in August.
 So the google redirect has been abused for months.
 
 
 - Original Message -
 From: Harry Vanderzand [EMAIL PROTECTED]
 To: Declude.JunkMail@declude.com
 Sent: Wednesday, November 09, 2005 4:05 PM
 Subject: RE: [Declude.JunkMail] Cryptic URL in source
 
 
  Certainly
 
  Here is what you see in the e-mail
 
  http://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0
 
  Here is what is in the source:
 
 
  href=http://www.google.com/url?q=http://www.google.com/url?q=http://%73%54%
  41%09Nd%09%7aA.n%09e%74/%63%67i-b%09%69n%09/%70%6fch/%72e%09di%72.%63g%69?s=
  intown.nethttp://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0/
  a
 
  Not that different from some of the phishing e-mails
 
  This has got to be detectable and should be cause

Re: [Declude.JunkMail] Cryptic URL in source

2005-11-10 Thread Scott Fisher

I don't believe so.

- Original Message - 
From: Dave Beckstrom [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Thursday, November 10, 2005 5:03 PM
Subject: RE: [Declude.JunkMail] Cryptic URL in source



Scott,

Doesn't Declude support a wild card character for single character matching
in filters?  EG, let's say an * is a wild card.

STOPATFIRSTHIT
BODY 0 contains .google.*/url?q
BODY 0 contains .google.**/url?q
BODY 0 contains .google.***/url?q


The above would then accomplish the same thing as the entire filter below.


-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Thursday, November 10, 2005 4:38 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Cryptic URL in source

I ran across this in one of my unused filters folders. Some great Declude
user (not me) posted it in August.
So the google redirect has been abused for months.


- Original Message -
From: Harry Vanderzand [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, November 09, 2005 4:05 PM
Subject: RE: [Declude.JunkMail] Cryptic URL in source


 Certainly

 Here is what you see in the e-mail

 http://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0

 Here is what is in the source:


 href=http://www.google.com/url?q=http://www.google.com/url?q=http://%73%54%
 41%09Nd%09%7aA.n%09e%74/%63%67i-b%09%69n%09/%70%6fch/%72e%09di%72.%63g%69?s=
 intown.nethttp://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0/
 a

 Not that different from

Re: [Declude.JunkMail] Cryptic URL in source

2005-11-10 Thread Matt




Harry,

If you have the Pro version, you can make use of the OBFUSCATION filter
that I have posted at my site:

 http://www.mailpure.com/software/decludefilters/beta/

It will tag all such links where needless URL and/or HTML obfuscation
is used.

Please note that I stopped maintaining these filters a while ago,
mainly due to my own system becoming too customized for me to make
generalized versions of these filters easily available, and also
because I have focused more and more on writing external tests instead
of Declude filters due to the flexibility that this environment offers
me. The OBFUSCATION filter though has changed little, and I do
currently still use it.

Matt



Harry Vanderzand wrote:

  Yes that would work.

However I want a method that traps all mail that uses this deceptive
practice.

Is there no way to detect this trick?

Harry Vanderzand 
inTown Internet  Computer Services 
11 Belmont Ave. W., Kitchener, ON,N2M 1L2
519-741-1222

 

  
  
-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of Dave 
Beckstrom
Sent: Wednesday, November 09, 2005 5:28 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Cryptic URL in source

No problem.  


BODY   500 	contains google.com/url?q=






  -Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- 
[EMAIL PROTECTED]] On Behalf Of Glenn \ WCNet
Sent: Wednesday, November 09, 2005 4:20 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Cryptic URL in source

I've been getting reports of that from customers all day.

G.Z.


- Original Message -
From: "Harry Vanderzand" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, November 09, 2005 4:05 PM
Subject: RE: [Declude.JunkMail] Cryptic URL in source


Certainly

Here is what you see in the e-mail

http://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0

Here is what is in the source:


  

href="http://www.google.com/url?q=http://www.google.com/url?q=http://%73%54%
41%09Nd%09%7aA.n%09e%74/%63%67i-b%09%69n%09/%70%6fch/%72e%09di%72.%63g%69?s=
intown.net"http://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0/
a

Not that different from some of the phishing e-mails

This has got to be detectable and should be cause for immediate deletion.

Who has legitimate cause to hide their identity?

Harry Vanderzand
inTown Internet  Computer Services
11 Belmont Ave. W., Kitchener, ON,N2M 1L2
519-741-1222



  
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Scott 
Fisher
Sent: Wednesday, November 09, 2005 4:40 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Cryptic URL in source

Do you have an example?

- Original Message -
From: "Harry Vanderzand" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, November 09, 2005 10:18 AM
Subject: RE: [Declude.JunkMail] Cryptic URL in source




Any ideas on this?

When the URL is hidden with cryptic characters in the source code
of an e-mail it seems to me that it is obviously not a legitimate
e-mail in that deception is being used.

Is there not an easy way to stop e-mail where these practises are
being used?

I am running imail 8.21 and declude 3.05.18, the latest sniffer
and Invuribl

Assistance is appreciated

Thank you

Harry Vanderzand
inTown Internet  Computer Services
11 Belmont Ave. W., Kitchener, ON,N2M 1L2
519-741-1222




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.



  
  
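
Dave's wildcard suggestion and Harry's question about detecting the trick, worked as an added Python example (it is not Declude filter syntax and not code from anyone in this thread): one pattern stands in for the whole list of `.google.<tld>/url?q` lines, and the link quoted above is checked for needless percent-encoding, escaped control characters and a visible host that differs from the real one. The names `analyze_link`, `host_of` and the report keys are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote, urlsplit

# One pattern for every Google country domain, in place of ~100 "contains" lines.
GOOGLE_REDIRECT = re.compile(r"\.google\.(?:[a-z]{2,3}\.)?[a-z]{2,3}/url\?q=", re.I)
# Escapes of RFC 3986 unreserved characters (A-Z a-z 0-9 - . _ ~) are never needed.
NEEDLESS_ESCAPE = re.compile(r"%(?:2[DE]|3[0-9]|4[1-9A-F]|5[0-9AF]|6[1-9A-F]|7[0-9AE])", re.I)
# Escaped control characters such as %09 (tab) have no place in a link.
CONTROL_ESCAPE = re.compile(r"%(?:[01][0-9A-F]|7F)", re.I)


def host_of(url):
    """Lower-cased host of a URL, or None when there is none."""
    return urlsplit(url).hostname


def analyze_link(href, visible_text=""):
    """Report redirect wrapping and needless encoding in one link."""
    wrappers = list(GOOGLE_REDIRECT.finditer(href))
    # The final destination is whatever follows the innermost redirector.
    target = href[wrappers[-1].end():] if wrappers else href
    # Decode, then drop control characters and spaces that a lenient client skips.
    decoded = re.sub(r"[\x00-\x20\x7f]", "", unquote(target))
    real_host, shown_host = host_of(decoded), host_of(visible_text.strip())
    report = {
        "redirect_hops": len(wrappers),
        "needless_escapes": len(NEEDLESS_ESCAPE.findall(target)),
        "control_escapes": len(CONTROL_ESCAPE.findall(target)),
        "decoded_target": decoded,
        "host_mismatch": bool(real_host and shown_host and real_host != shown_host),
    }
    # Any redirect hop counts, as in the thread's filters, which hit on every
    # ".google.<tld>/url?q" link.
    report["suspicious"] = bool(
        report["redirect_hops"] or report["needless_escapes"]
        or report["control_escapes"] or report["host_mismatch"]
    )
    return report


# The link quoted in the thread, with its wrapped lines rejoined.
THREAD_HREF = (
    "http://www.google.com/url?q=http://www.google.com/url?q=http://%73%54%"
    "41%09Nd%09%7aA.n%09e%74/%63%67i-b%09%69n%09/%70%6fch/%72e%09di%72.%63g%69?s="
    "intown.net"
)
THREAD_TEXT = "http://intown.net/HwSbgXkc9vYP4qssBQS0AK6bumsUuatFHAdxX6IZ8vk0"

if __name__ == "__main__":
    for key, value in analyze_link(THREAD_HREF, THREAD_TEXT).items():
        print(f"{key}: {value}")
```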