[SURBL-Discuss] Re: embedded image spams
Bjurstrom, Eric
EBjurstrom at Cogentco.com
Tue May 31 21:24:22 CEST 2005
pardon me if this has already been posted, but I am getting some embedded
ones through that appear to take advantage of some IE "features"
<font></font><A href="ht
tp:/
/qeepluq.com&ljeabfhtqemxctry4ts73e%2E
tho
uljth
ou1%2Ecom/">
If I have firefox up, this link goes nowhere. IE will actually turn the %2E
to a "." and load it up. I have both the exim perl plugin by erik mugele
and spamassassin plugin and neither catch it.
-----Original Message-----
From: Sean Sowell [mailto:sean at twin-dad.com]
Sent: Tuesday, May 31, 2005 1:31 PM
To: discuss at lists.surbl.org
Subject: [SURBL-Discuss] Re: embedded image spams
On Tuesday, May 31, 2005 0300, Jeff C. wrote:
>> Yes, please, if you could mention the ones over the past couple
>> days we'll look into them. Some of the ones you mentioned
>> earlier are already blacklisted, so we'd like to analyze the
>> unlisted recent ones to see how we can list them sooner.
> By the way, just to sanity check things, these are the domains in
> message body URIs and not headers, right? I ask because it's
> somewhat unusual to have two sets of domains in a given spam,
> and SURBLs are meant to operate on message body URIs and not
> headers.
Yes, in the body only. Frequently, these things include an image of a text
disclaimer/opt-out notice at the bottom. Rolling over the image shows the
hyperlinked URI, but the text within the image itself shows a different
domain.
_______________________________________________
Discuss mailing list
Discuss at lists.surbl.org
http://lists.surbl.org/mailman/listinfo/discuss
More information about the Discuss
mailing list