Message getting around filter rule somehow

  • Thread starter Thread starter James
  • Start date Start date
J

James

I have a few junk mail rules set up and they are doing a
very good job of catching 80% of my spam so far, I am
having one problem though. There seems to be a lot of
spam lately for a new viagra drug and all the messages
are html format and contain the words "Your easy-to-use
solution is here" or a close variant.

I set up a rule to move messages with the text "solution
is here" or "easy-to-use" to the junk mail folder but the
rule doesn't work. I checked the hmtl source of the
message and the text is not special or encoded in any
way. The only cause for this problem I can think of is
it doesn't work because the message is html format? Any
help?

I have many rules and am familiar with setting them up,
so I'm pretty sure the rule is setup correctly, it just
seems to not be working on html messages.

I just did a test and sent 2 mails to myself with the
phrase "Your easy-to-use solution is here" one in html
format and one in text format, both were filtered
correctly, so it must not be a general html filter
problem, maybe something they are doing in the html
formatting? How can I get this filter to work, any ideas?

The message source below.

<HTML><HEAD><META HTTP-EQUIV="Content-Type"
CONTENT="text/html;charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 7.0
Transitional//EN">

<META http-equiv="Content-Type content="text/html;
charset=iso-8859-1">
<META content="MSHTML 9.11.0078.0480" name=GENERATOR>
<STYLE></style>
</HEAD>
<body BGCOLOR='#FFFFFF'>
<div align="left">
<p>
<p><font face="Verdana, Arial, Helvetica, sans-serif"
size="2"><b>Hey,</b></font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif"
size="2"><b>I just heard
of this new dr&micro;g called &copy;i&aacute;lis
and I thought you might
be interested in it. C&igrave;&aacute;lis is the
new r&iacute;val to
v&iuml;&aacute;gra and is better
known as s&ucirc;p&eacute;r v&iuml;agr&aacute; or
dubbed the &quot;week&eacute;nd
viagr&aacute;&quot; by the pr&ecirc;ss.
</b></font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif"
size="2"><b>I just found
a place &oacute;nl&iexcl;ne that has the
g&euml;ner&igrave;c version for
a lot ch&eacute;&aacute;per than getting it from a US
ph&acirc;rm&acirc;cy.
No pr&eacute;scr&igrave;ptions needed or
n&eacute;cess&acirc;ry.</b></font></p>
<font face="Verdana, Arial, Helvetica, sans-serif"
size="2"><p style="font-size:0px; color:#fffbf0"
align="left"> <p style="font-size:0px; color:#fffbf0"
align="left"> bottleneck </P>
All Ord&eacute;rs Back&eacute;d By Our 100%,<br>
30 D&atilde;y, Mon&eacute;y Ba&cent;k
Guar&aacute;nt&ecirc;e!</font>
</p>
<p><font face="Verdana, Arial, Helvetica, sans-serif"
size="2">Sh&iexcl;pp&eacute;d
worldwid&eacute;
Discr&euml;etly.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif"
size="2"><a
href="http://buddy.fruition.huffman.full.limousine.hydrome
ter.abelson.candle.wholeproducts4less.biz/c2/?
AFF_ID=c20323">Your
easy-to-use solution is here</a></font></p>
</div>
<p align="left"><font face="Verdana, Arial, Helvetica,
sans-serif" size="2">No
further em&acirc;&icirc;ls pl&egrave;&acirc;se<br>
<a
href="http://coleus.folksy.episodic.estimable.falcon.indel
ible.kerygma.elves.wholeproducts4less.biz">http://wholepro
ducts4less.biz</a></font></p>
<p align="left">&nbsp;</p>
<p style="font-size:0px; color:#fffbf0"
align="left">_WORD . provost , alert
chute , edgar . impertinent . pretext , mathematic
ozone , infight
. exterminate . grayson , insert bootstrap ,
sisyphean . elucidate . crowfoot0
, aileron5 goggle , englewood . arrangeable .
millennia , air
ram , astor . picky . fro , anthony depend , mackinac
. octopus . hays , blaine attempt , poach . routine .
arab
, bypass crankcase , comic . peddle . sal , honoraria
lobo
, complainant . jewel . folklore , preview excess ,
persuade . michele
. purl , inkling circuitous , hough . circa . fever ,
bosch
meiosis , critique . ere . boggle , larsen cambodia ,
checkout
. goodbye . applicant , dice annex , newspaperman .
prefer . pyrite
, an punster , geigy . preference . client , algebraic
lebanon
, eloquent . balled . bobolink , quirky entice ,
incurred . jurassic
. coccidiosis , horn4 angelica , chance . downtrend .
duchess
, dogma niobe , corrector . contrariety . cacti , curia
sandpaper
, immodesty . sequestration . saponify , scanty
heterosexual , inexcusable . ecumenist
. evolution , condensate gerhardt , cabana . entity .
bronze , natal
angelic , imminent . basilisk . calm , seagram harrow ,
manometer
. axial . handspike , marceau remitting , scription .
giveth . potlatch
, chambers novelty , bailiff . derogatory .
hydrometer , inject chiang
, pariah . angelic . dispersible , oboe easel , frock .
griswold
. deem , dodson mae , hendrickson . gymnasium . ague ,
coax
cowhide , donna . headroom . depreciate , lundquist
kola , pianist
. feminism . cloddish , ibm bayesian , mirfak .
psychobiology . cultivable
, corrigible </P>
</BODY></HTML>
 
"James" said in news:[email protected]:
I have a few junk mail rules set up and they are doing a
very good job of catching 80% of my spam so far, I am
having one problem though. There seems to be a lot of
spam lately for a new viagra drug and all the messages
are html format and contain the words "Your easy-to-use
solution is here" or a close variant.

I set up a rule to move messages with the text "solution
is here" or "easy-to-use" to the junk mail folder but the
rule doesn't work. I checked the hmtl source of the
Click to expand...

What you see is NOT what is written. HTML tags are hidden from you when the document is rendered (i.e., how you see it). You might filter on anything having "sex" in it but that won't work if the HTML-formatted message has "s<I></I>e<I></I>x" where the tags (within angle brackets) simply turn italics on and off (with nothing between so there is no effect in the rendered version of the message).

Right-click and use View Source to see just where is that "viagra" text. I bet it really isn't "viagra" but a jumble of characters that include HTML tags. Note that the HTML tags don't even have to be valid HTML tags. Bogus tags are often used because spammers know that they get ignored.
 
*Vanguard* said:
What you see is NOT what is written. HTML tags are hidden from you
when the document is rendered (i.e., how you see it). You might
filter on anything having "sex" in it but that won't work if the
HTML-formatted message has "s<I></I>e<I></I>x" where the tags (within
angle brackets) simply turn italics on and off (with nothing between
so there is no effect in the rendered version of the message).
Click to expand...

Not only that, but because HTML renderers are supposed to ignore tags they
don't know, one could include "sex" and "s</dummy>e</anotherdummy>x" and the
unknown tags will be stripped out from the rendered text with nary a peep.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

I can't get my <Marquee>-based animated signature to work 8
HTML signature spacing problem 1
Stationary and fonts 1
Problem reading css file 1
OL2003 Filter on Header Entry (Not Exactly Working) 3
Offerta AutoCAD Map 3D 0
find string in web page 3
Aluminum Panel 20020 1

Back
Top