I just got a spam that was caught by a couple of my local and very specific
rules, but otherwise would have made it through with flying colors. Yet it
has some really obvious screwups that I would have expected some rule to
catch. Notice:

    Subject: FWD: Got all meds 4 U. %RND_MEDS_4PILLS & %RND_MEDS_2PILLS eJTtq

Aside from the suspicious FWD in uppercase, note the %RND_xxx tags.

In the body:

    We ship the following: %RND_MEDS_LIST
    <p>
    Plus: %RND_ALL_OTHER_MEDS
    <p>

Again, my favorite %RND_xxx tags.

Shouldn't there already be a rule to catch this sort of thing?

For that matter, I'm surprised there isn't a "suspicious html tags" checker.
It could be given increasing weight depending on the count of unlikely tags.
For instance, from the same spam:

    </table>
    </barstow></roseland></catalytic></falconry></avow></paradigmatic>
    </i'll></fungoid></agreed></dakar></gemma></sousa>
    </interruption></coast></testicular></bavaria></anew></brigade>

Loren
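
The two checks proposed in the post above, sketched as an added example that is not part of the original message or of any filter's own rule set: one flags unfilled `%RND_` template tokens, the other counts tags that are not real HTML elements and weights them up to a cap. The function names, the allow-list, the score values and the comparison message are assumptions made for illustration.

```python
import re

# Unfilled template tokens such as %RND_MEDS_LIST, as seen in the quoted spam.
PLACEHOLDER = re.compile(r"%RND_[A-Z0-9_]+")
# Name of any opening or closing tag; deliberately loose so </i'll> is captured.
TAG = re.compile(r"</?([A-Za-z][^\s/>]*)")
# Partial allow-list of real HTML elements (assumption: extend before real use).
KNOWN_TAGS = frozenset(
    "a b blockquote body br center div em font h1 h2 h3 h4 head hr html i img "
    "li meta ol p pre span strong style table tbody td th title tr u ul".split()
)

def unknown_tags(body):
    """Return tag names in body that are not real HTML elements."""
    found = []
    for name in TAG.findall(body):
        name = name.lower()
        # Skip <user@host>/<http://...> autolinks and namespaced tags like <o:p>.
        if "@" in name or ":" in name:
            continue
        if name not in KNOWN_TAGS:
            found.append(name)
    return found

def score_message(subject, body, placeholder_score=2.5, per_tag=0.25, tag_cap=3.0):
    """Score both heuristics; the weights are illustrative assumptions."""
    placeholders = PLACEHOLDER.findall(subject) + PLACEHOLDER.findall(body)
    bogus = unknown_tags(body)
    score = placeholder_score if placeholders else 0.0
    # Weight grows with the number of unlikely tags, up to a cap.
    score += min(tag_cap, per_tag * len(bogus))
    return {"placeholders": placeholders, "unknown_tags": bogus, "score": score}

# Sample assembled from the excerpts quoted in the post.
SPAM_SUBJECT = "FWD: Got all meds 4 U. %RND_MEDS_4PILLS & %RND_MEDS_2PILLS eJTtq"
SPAM_BODY = """We ship the following: %RND_MEDS_LIST
<p>
Plus: %RND_ALL_OTHER_MEDS
<p>
</table>
</barstow></roseland></catalytic></falconry></avow></paradigmatic>
</i'll></fungoid></agreed></dakar></gemma></sousa>
</interruption></coast></testicular></bavaria></anew></brigade>
"""
# Constructed legitimate message for comparison.
HAM_BODY = "<p>Minutes attached, reply to <alice@example.com>.<o:p></o:p></p>"

if __name__ == "__main__":
    print(score_message(SPAM_SUBJECT, SPAM_BODY), score_message("Meeting minutes", HAM_BODY))
```

The cap keeps a single heuristic from deciding the verdict on its own, and the autolink and namespace exemptions cover the most common sources of odd-looking tags in legitimate mail.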