On Wednesday, September 8, 2004, 7:49:49 PM, Rob McEwen wrote:
But, I would add that a huge consideration is the obfuscation techniques of the spammer based on the sending server and the contents of the spam. For example, if every other word is spliced with a fake html tag or if the spam is being propagated by a virus, then (unless it's some kind of "joe jobs" smear campaign), you can count on it being spam.
Yes, detecting obfuscation and tagging because of it one thing SpamAssassin is good at. SA is also able to deobfuscate advertised URIs so they can be checked using SURBLs, etc.
Jeff C.