[SURBL-Discuss] Re: embedded image spams

Bjurstrom, Eric EBjurstrom at Cogentco.com
Tue May 31 21:24:22 CEST 2005



Pardon me if this has already been posted, but I am getting some embedded
ones through that appear to take advantage of some IE "features":

<font></font><A href="ht
tp:/
/qeepluq.com&ljeabfhtqemxctry4ts73e%2E
tho
uljth
ou1%2Ecom/">

If I have Firefox up, this link goes nowhere.  IE will actually turn the %2E
to a "." and load it up.  I have both the Exim Perl plugin by Erik Mugele
and the SpamAssassin plugin, and neither catches it.

-----Original Message-----
From: Sean Sowell [mailto:sean at twin-dad.com]
Sent: Tuesday, May 31, 2005 1:31 PM
To: discuss at lists.surbl.org
Subject: [SURBL-Discuss] Re: embedded image spams


On Tuesday, May 31, 2005 0300, Jeff C. wrote:

>> Yes, please, if you could mention the ones over the past couple
>> days we'll look into them.  Some of the ones you mentioned
>> earlier are already blacklisted, so we'd like to analyze the
>> unlisted recent ones to see how we can list them sooner.

> By the way, just to sanity check things, these are the domains in
> message body URIs and not headers, right?  I ask because it's
> somewhat unusual to have two sets of domains in a given spam,
> and SURBLs are meant to operate on message body URIs and not
> headers.

Yes, in the body only.  Frequently, these things include an image of a text
disclaimer/opt-out notice at the bottom.  Rolling over the image shows the
hyperlinked URI, but the text within the image itself shows a different
domain.

_______________________________________________
Discuss mailing list
Discuss at lists.surbl.org
http://lists.surbl.org/mailman/listinfo/discuss
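
Added example, not part of the original thread and not code from either plugin mentioned in it: a sketch of the normalization a URI extractor needs before a SURBL lookup so that the href quoted above (line breaks inside the attribute, %2E in place of dots) still yields checkable domains. The function names, the constructed sample string and the "last two labels" shortcut for picking the domain are assumptions of this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample: the href quoted in the message, line breaks included.
SAMPLE = ('<font></font><A href="ht\ntp:/\n/qeepluq.com&ljeabfhtqemxctry4ts73e%2E\n'
          'tho\nuljth\nou1%2Ecom/">')

# Two or more dot-separated labels made of hostname characters.
HOST_RUN = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")


class HrefCollector(HTMLParser):
    """Collect raw href values; embedded newlines are preserved."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.append(value)


def normalize_href(href):
    """Drop all whitespace, then percent-decode (%2E becomes '.')."""
    return unquote(re.sub(r"\s+", "", href))


def candidate_domains(html):
    """Return every domain-looking name in each href's authority part."""
    parser = HrefCollector()
    parser.feed(html)
    found = []
    for href in parser.hrefs:
        match = re.match(r"(?i)[a-z][a-z0-9+.-]*:/*([^/?#]*)", normalize_href(href))
        if not match:
            continue
        # Characters such as '&' are not valid in hostnames, so treat them
        # as separators and report each side for lookup.
        for host in HOST_RUN.findall(match.group(1).lower()):
            # Simplification: last two labels; real tools use a TLD list.
            domain = ".".join(host.split(".")[-2:])
            if domain not in found:
                found.append(domain)
    return found


if __name__ == "__main__":
    print(candidate_domains(SAMPLE))
```

Reporting both names rather than guessing which one the browser resolves lets the blacklist lookup decide.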

