John Hardin <jhar...@impsec.org> wrote on 01/29/2014 12:34:29 PM:

> From: John Hardin <jhar...@impsec.org>
> To: users@spamassassin.apache.org,
> Date: 01/29/2014 12:35 PM
> Subject: Re: Help with a regex to catch spam with gibberish html tags
>
> On Wed, 29 Jan 2014, Joe Quinn wrote:
>
> > On 1/29/2014 11:53 AM, Andy Jezierski wrote:
> >> I've been noticing a lot of spam getting through with the same traits, a
> >> bunch of random words within brackets. They all seem to come after the
> >> </body> or the </html> tag. Anyone much more knowledgeable than me care
> >> to assist with a rule to detect them?
> >>
> >> Example:
> >>
> >> </html>
> >>
> >> </body>
> >> <style>
> >> <geehrter>
> >> <convaincre>
> >> <eingerichtet>
> >> <piuttosto>
> >> <meny>
> > ...etc snipped.
> >
> > I've been seeing that as well. They seem to all begin with <style>as well,
> > to keep that crap from going through mail client HTML parsers.
> >
> > You can probably exploit the fact that nobody is ever going to write a style
> > block that doesn't match /[{}]/, but I haven't been able to experiment yet
> > with any rules.
>
> There is already a style gibberish rule.
>
> http://ruleqa.spamassassin.org/20140128-r1562007-n/STYLE_GIBBERISH/detail
>
I've seen the STYLE_GIBBERISH rule hit on a number of messages, but never on this type of spam.
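
For anyone who wants to try Joe's idea against saved samples before writing an actual rule, here is a rough Python sketch of the heuristic (a <style> block whose contents never match /[{}]/). This is not SpamAssassin code and not how STYLE_GIBBERISH works; the function name `style_without_braces` and both test strings are made up for illustration. It also assumes an unclosed <style> runs to the end of the message, which is what the example above looks like.

```python
import re

# Hypothetical helper for offline experiments only; not a SpamAssassin API.
STYLE_OPEN = re.compile(r"<style\b[^>]*>", re.IGNORECASE)
STYLE_CLOSE = re.compile(r"</style\s*>", re.IGNORECASE)


def style_without_braces(html: str) -> bool:
    """Return True if any <style> block has content but no '{' or '}'."""
    for match in STYLE_OPEN.finditer(html):
        close = STYLE_CLOSE.search(html, match.end())
        # Assumption: if the block is never closed (as in the spam sample),
        # treat everything up to the end of the text as its body.
        end = close.start() if close else len(html)
        body = html[match.end():end]
        if body.strip() and not re.search(r"[{}]", body):
            return True
    return False


# Sample taken from the example quoted in this thread.
spam_tail = """</html>

</body>
<style>
<geehrter>
<convaincre>
<eingerichtet>
<piuttosto>
<meny>
"""

# Made-up legitimate message with an ordinary style block.
legit = "<html><head><style>p { color: red; }</style></head><body>hi</body></html>"

print(style_without_braces(spam_tail))  # True
print(style_without_braces(legit))      # False
```

A style block that contains nothing but an `@import` line would also trip this check, so treat it as a starting point for testing against a corpus rather than something to score heavily.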