LinkBack URL
About LinkBacks
3 pointer for the Spammers
Spammers have a new weapon against our SPAM controls. A script embedded in the header outputs an undesireable/filterable string eg: 1/2 price Viagr*a.
I discovered this when I tested the message against the filter expecting it to fail on "Viag" in the subject. When it did not I doublechecked the subject in the header and realized they differ and/or produce different results depending on how it is being viewed.
In the inbox it shows up as:
1/2 price Viagr*a
Viewing the header (see below) returns:
Subject: =?ISO-8859-1?b?MS8yIHByaWNlIFZpYWdyKmE=?=
Gotta admire the tenacity of the bastards . . .
========== Begin Forwarded Message ========
Return-path: <gus@studiog39mw.uncensored-hosting.com>
Envelope-to: gus@studiog39mw.uncensored-hosting.com
Delivery-date: Thu, 15 Apr 2004 12:24:17 -0700
Received: from gus by studiog39mw.uncensored-hosting.com with local-bsmtp (Exim 4.24)
id 1BECT9-0000Fl-Uk
for gus@studiog39mw.uncensored-hosting.com; Thu, 15 Apr 2004 12:24:17 -0700
Received: from [217.88.218.169] (helo=tenbit.pl)
by studiog39mw.uncensored-hosting.com with smtp (Exim 4.24)
id 1BECT9-0000Ff-61
for gus@photographybygus.com; Thu, 15 Apr 2004 12:24:15 -0700
Subject: =?ISO-8859-1?b?MS8yIHByaWNlIFZpYWdyKmE=?=
To: gus@photographybygus.com
From: "Florine A. Hathaway" <florine.hathawaypc@xcelco.on.ca>
Message-ID: <e66401c4231f$2e4c44c0$badb78ac@g8vvls3>
Date: Thu, 15 Apr 2004 19:22:56 +0000
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
studiog39mw.uncensored-hosting.com
X-Spam-Level: ******
X-Spam-Status: No, hits=6.4 required=7.0 tests=HTML_60_70,HTML_IMAGE_ONLY_02,
HTML_MESSAGE,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,RCVD_IN_DYNABLOCK,
RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP,RCVD_IN_SORBS autolearn=no
version=2.63
======== End Forwarded Message =========
Reply With Quote
