Re: [Exim] My (wishlist) ultimate spam solution

On Sat, Mar 23, 2002 at 06:42:01AM -0500, Chad Leigh -- Shire.Net LLC wrote:
|
| On Saturday, March 23, 2002, at 01:09 , dman wrote:
| >Oh, how about looking at this? Here's a snippet from a piece of spam
| >that I received recently :
| >
| >~~~~~~~~
| >------=_NextPart_000_00A1_03E45A3E.C8413D83
| >Content-Type: text/html; charset=ISO-8859-1
| >Content-Transfer-Encoding: base64
| >
| >PGh0bWw+DQoNCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1MYW5ndWFnZSIg
| >Y29udGVudD0iZW4tdXMiPg0KPG1ldGEgbmFtZT0iR0VORVJBVE9SIiBjb250ZW50PSJNaWNy
| >b3NvZnQgRnJvbnRQYWdlIDUuMCI+DQo8bWV0YSBuYW1lPSJQcm9nSWQiIGNvbnRlbnQ9IkZy
| >b250UGFnZS5FZGl0b3IuRG9jdW1lbnQiPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1U
| >eXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjUyIj4NCjx0aXRs
| >~~~~~~~~
| >
| >Here's what it says if I decode the base64 and render the HTML :
|
| My question is, has anyone ever got any LEGIT email that was base64
| encoded like the above? In my life, every piece I've gotten has been
| junkmail. I don't need to decode it, just junk it. That is a good test
| in my book by itself...

I don't know. That is still just one way of tripping up simple tests.
Quoted-printable can also break up words sufficiently, and so can
HTML. Even simple things that smarter spammers do can sufficiently
break up the words.

You also want to be careful what words you look for and how you weight
them. I noticed that "teen" is one of the suggestions; but what if
I'm asking how to fix a exim-related problem my teen brother created?
That wouldn't be spam.

Reliably (and thoroughly) identifying spam is not a simple matter.

-D

--

One OS to rule them all, one OS to find them,
One OS to bring them all and in the darkness bind them,
In the Land of Redmond, where the Shadows lie.