From EBjurstrom@Cogentco.com Tue May 31 21:24:31 2005 From: "Bjurstrom, Eric" To: discuss@lists.surbl.org Subject: RE: [SURBL-Discuss] Re: embedded image spams Date: Tue, 31 May 2005 15:24:22 -0400 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1172337796367770568==" --===============1172337796367770568== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit pardon me if this has already been posted, but I am getting some embedded ones through that appear to take advantage of some IE "features" If I have firefox up, this link goes nowhere. IE will actually turn the %2E to a "." and load it up. I have both the exim perl plugin by erik mugele and spamassassin plugin and neither catch it. -----Original Message----- From: Sean Sowell [mailto:sean(a)twin-dad.com] Sent: Tuesday, May 31, 2005 1:31 PM To: discuss(a)lists.surbl.org Subject: [SURBL-Discuss] Re: embedded image spams On Tuesday, May 31, 2005 0300, Jeff C. wrote: >> Yes, please, if you could mention the ones over the past couple >> days we'll look into them. Some of the ones you mentioned >> earlier are already blacklisted, so we'd like to analyze the >> unlisted recent ones to see how we can list them sooner. > By the way, just to sanity check things, these are the domains in > message body URIs and not headers, right? I ask because it's > somewhat unusual to have two sets of domains in a given spam, > and SURBLs are meant to operate on message body URIs and not > headers. Yes, in the body only. Frequently, these things include an image of a text disclaimer/opt-out notice at the bottom. Rolling over the image shows the hyperlinked URI, but the text within the image itself shows a different domain. _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss --===============1172337796367770568==--