Pardon me if this has already been posted, but I am getting some embedded ones through that appear to take advantage of some IE "features":
<font></font><A href="ht tp:/ /qeepluq.com&ljeabfhtqemxctry4ts73e%2E tho uljth ou1%2Ecom/">
If I have Firefox up, this link goes nowhere. IE will actually turn the %2E to a "." and load it up. I have both the Exim Perl plugin by Erik Mugele and the SpamAssassin plugin, and neither catches it.
-----Original Message-----
From: Sean Sowell [mailto:sean@twin-dad.com]
Sent: Tuesday, May 31, 2005 1:31 PM
To: discuss@lists.surbl.org
Subject: [SURBL-Discuss] Re: embedded image spams
On Tuesday, May 31, 2005 0300, Jeff C. wrote:
Yes, please, if you could mention the ones over the past couple days we'll look into them. Some of the ones you mentioned earlier are already blacklisted, so we'd like to analyze the unlisted recent ones to see how we can list them sooner.
By the way, just to sanity check things, these are the domains in message body URIs and not headers, right? I ask because it's somewhat unusual to have two sets of domains in a given spam, and SURBLs are meant to operate on message body URIs and not headers.
Yes, in the body only. Frequently, these things include an image of a text disclaimer/opt-out notice at the bottom. Rolling over the image shows the hyperlinked URI, but the text within the image itself shows a different domain.
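Added example, not part of the original message and not code from either plugin mentioned: a sketch of normalizing a body href the way the message says IE does (decoding %2E in the host) before choosing the domain to check against a SURBL. Treating the embedded spaces as padding to strip, and taking the last two labels as the lookup domain, are assumptions of this sketch.

```python
import re
from urllib.parse import unquote

# Constructed input: the anchor tag quoted in the message, kept verbatim.
SAMPLE = ('<font></font><A href="ht tp:/ /qeepluq.com&ljeabfhtqemxctry4ts73e'
          '%2E tho uljth ou1%2Ecom/">')

HREF = re.compile(r'href\s*=\s*(["\'])(.*?)\1', re.I | re.S)
AUTHORITY = re.compile(r'https?://([^/?#]*)', re.I)

def host_of(href, lenient):
    """Host part of href; lenient=True mimics the browser behaviour described."""
    if lenient:
        href = re.sub(r'\s+', '', href)   # assumption: embedded whitespace is padding
    m = AUTHORITY.match(href)
    if not m:
        return None
    # Drop any userinfo and port before looking at the name itself.
    host = m.group(1).rsplit('@', 1)[-1].split(':', 1)[0]
    if lenient:
        host = unquote(host)              # %2E -> "."
    return host.lower().strip('.') or None

def lookup_domain(host):
    """Last two labels; simplified, real clients also consult a ccTLD list."""
    if not host:
        return None
    labels = host.split('.')
    return '.'.join(labels[-2:]) if len(labels) >= 2 else None

def scan(html):
    """Return (strict_domain, lenient_domain, obfuscated) for each href."""
    out = []
    for _, href in HREF.findall(html):
        strict = lookup_domain(host_of(href, lenient=False))
        lenient = lookup_domain(host_of(href, lenient=True))
        out.append((strict, lenient, strict != lenient))
    return out

if __name__ == '__main__':
    for row in scan(SAMPLE):
        print(row)
```

A mismatch between the strict and lenient result is itself a useful signal for a filter, independent of whether the decoded domain is listed yet.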