- Spam email keyword filtering getaround
- Posted by Andrew M on July 4th, 2003
Hi the folks,
I've just had a spam email (what's new)... they got past my ISP and my own
filtering by putting XML tags all the way through the message. Is there
filter software which can identify this? Here's the source code of the
spam...
<snip>
<HTML>
<BODY><bp><FONT face=3Dverdana,cerebral size=3D2>
<grandiose><urbana><cleanup>
Andrew, <BR><BR>W<flagging>e ha<gettysburg>ve
all the t<gaithersburg>ools you ne<cowslip>ed
to cr<quaternary>eate
<BR>Prof<cryogenic>essio<hypophyseal>nal
Bu<bog>sine<carleton>ss
We<bestir>bsite <BR><BR>-2<congressional>5
Com<abutting>plete <i>Bi<petrify>z </i>
W<perjure>ebsites-<BR><BR><i>NEW</i> -
10<recriminatory>0's of Fla<anomaly>sh /
Bu<celsius>siness / Hi-Te<lifeboat>ch
Temp<absolute>lates <BR>
Desig<yoga>ned Spe<cauchy>cifically <BR>
For the Sm<obfuscatory>all and H<yost>ome
Based B<dispersible>usine<costume>ss
Ow<respiratory>ner in Min<isotropic>d <BR><br>
-Lat<manpower>est Tec<agenda>hnology:
PR<fructose>O Dire<complex>ct A<depth>
dvertiser-<br><br> A<roxbury>d Bl<moratorium>aster
P<downslope>RO is incl<barbados>uded
Abs<dilution>olutely
F<revisionary>R<cleric>E<clog>E<postage>
(3<wit>9<hepburn>5.0<litigant>0
U<giraffe>SD Va<uninominal>lue)<br><BR>
Our da<dichloride>tabase of I<terrier>P
ad<elsinore>dresses cont<chisholm>ains
ov<benzene>er <BR>
3 bil<freest>lion po<aviate>ssible
le<crankcase>ads for your bus<carbonaceous>iness.
<br><br>Inc<gale>luded F<automat>REE of
C<heartbreak>harge <br><br>
<A href=3D"http://bedevil.com@netbiz.bz/1a2s.htm?zsid=3Dboth"=
title=3D "novitiate">
S<grumble>ee our We<brethren>bsite for
m<hibbard>ore
de<bearish>tails</A><BR>
--------<<>>----------<<>>----------<<>>----------<<>>--------
<BR><BR><font face=3D"Arial, flute" size=3D1>
Pl<fetus>ease s<habitation>ee our
we<koala>bsite <ditzel>
For r<aloof>emo<robe>val
Inst<choir>ruc<brockle>tions.</font>
<BR><find><BR>
</BODY></HTML>
</snip>
Any ideas...??
cheers
Andrew M
Web Developer
andrew@NOSPAMmindstream.co.uk (remove nospam to reply)
www.mindstream.co.uk
---
Outgoing mail from mindstream.co.uk is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.495 / Virus Database: 294 - Release Date: 30/06/2003
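Added example, not part of the original thread: one way a filter can see through the tag-splitting in the spam above is to decode the quoted-printable body, delete tags that are not real HTML so the word halves rejoin, and count the tags that sit in the middle of a word. The tag allow-list, the min_splits threshold and the function name analyse are assumptions made for this example.

```python
import quopri
import re

# Assumed allow-list of tags a legitimate HTML mail is likely to use.
KNOWN_TAGS = frozenset(
    "html head title body p br hr a b i u em strong font div span "
    "center table tr td th img ul ol li h1 h2 h3".split())
TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)[^<>]*>")
# A tag with a letter or digit directly on both sides cuts a word in two.
SPLIT_RE = re.compile(r"(?<=[A-Za-z0-9])<[^<>]*>(?=[A-Za-z0-9])")


def analyse(raw_body, keywords=(), min_splits=3):
    """Decode a quoted-printable HTML body, rejoin split words, score it."""
    html = quopri.decodestring(raw_body).decode("latin-1")
    names = [m.group(1).lower() for m in TAG_RE.finditer(html)]
    unknown = [n for n in names if n not in KNOWN_TAGS]
    splits = len(SPLIT_RE.findall(html))
    # Unknown tags vanish so the word halves rejoin; real tags become spaces.
    joined = TAG_RE.sub(
        lambda m: " " if m.group(1).lower() in KNOWN_TAGS else "", html)
    text = " ".join(joined.split())
    return {
        "text": text,
        "total_tags": len(names),
        "unknown_tags": len(unknown),
        "word_splits": splits,
        "keyword_hits": [k for k in keywords if k.lower() in text.lower()],
        "obfuscated": splits >= min_splits,  # threshold is an assumption
    }


# A few lines copied from the spam quoted in the post above.
SPAM = b"""<HTML>
<BODY><bp><FONT face=3Dverdana,cerebral size=3D2>
Andrew, <BR><BR>W<flagging>e ha<gettysburg>ve
all the t<gaithersburg>ools you ne<cowslip>ed
to cr<quaternary>eate
<BR>Prof<cryogenic>essio<hypophyseal>nal
Bu<bog>sine<carleton>ss
We<bestir>bsite <BR>
</BODY></HTML>
"""
# Constructed benign HTML message for comparison.
HAM = (b'<html><body><p>Hello <b>world</b>, see '
       b'<a href=3D"http://example.com/">this</a> page.</p></body></html>')

if __name__ == "__main__":
    for name, body in (("spam", SPAM), ("ham", HAM)):
        r = analyse(body, keywords=("business website",))
        print(name, r["obfuscated"], r["word_splits"], r["keyword_hits"])
```

A keyword rule run on the raw body never sees "business website"; run on the rejoined text it matches, and the word-split count is a signal in its own right.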
- Posted by Richard Watson on July 4th, 2003
"Andrew M" <usenet@NOSPAMmindstream.co.uk> writes:
The content of the body of the email isn't the only thing that you can
filter on. Good software will take all manner of other things into
account, like the software used to email, blackhole lists etc etc.
You might want to look at spamassassin:
http://spamassassin.org/
--
Richard Watson
http://www.opencolo.com/
High Value Colocation
- Posted by Ian.H [dS] on July 4th, 2003
Whilst lounging around on Fri, 4 Jul 2003 16:56:52 +0100, "Andrew M"
<usenet@NOSPAMmindstream.co.uk> amazingly managed to produce the
following with their Etch-A-Sketch:
There's your answer
In my procmail filters, I have:
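# Header match: drop anything declaring an HTML content type
:0
* ^Content-Type:.*html.*
/dev/null
and
# Body match (B flag): drop anything containing a mailto: link
:0B
* .*mailto:.*
/dev/null
# Body match (B flag): drop anything containing an HTML anchor
:0B
* .*<a href.*
/dev/null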
Works like a charm 8)
Even better.. drop all mail from *aol.com *yahoo.* aol.* and msn.*
and you'll lose just about _all_ your spam =D
Only muppets and SPAMmers use those domains for mail anyway.. so no
loss there.
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
- Posted by Jack Howard on July 7th, 2003
In message <37cbgvoh185kqpcsopfa4qnebjkdd13371@4ax.com>, "Ian.H [dS]"
<ian@WINDOZEdigiserv.net> writes
<snip example of /dev/null ~ing all HTML mail>
Presumably you regard email as being purely a medium for chatting to
other techies?
Well, that's one way to ensure your friends are all uber-geeks I
suppose, some of us prefer to actually be able to communicate with
ordinary folk. Not everyone who uses mass market ISPs is a spammer, in
fact the vast majority of them wouldn't know how to spam even if they
wanted to. Most spam which "appears" to come from Yahoo!, etc, has
forged headers.
--
- Jack Howard, Systems Development Engineer, Firstnet Services Limited
===[ http://www.firstnet.net.uk <--- Total Internet Solutions ]===
===[ This message subject to http://www.firstnet.net.uk/disclaimer.html ]===
- Posted by Ian.H [dS] on July 7th, 2003
Whilst lounging around on Mon, 7 Jul 2003 12:01:03 +0100, Jack Howard
<jhoward@blackhole.firstnet.co.uk> amazingly managed to produce the
following with their Etch-A-Sketch:
Nope.
I have a couple of boxes, one for "business" one for "social". One's
filtered to the hilt and the other is pretty much open.
Also, my "non techy" friends normally use the old fashioned method of
either dropping by or using the telephone =)
A lot of my non-techy friends don't go online.. so the fone is more
practical all round.. anyone that does send mail to the heavily
filtered box knows not to send HTML mail anyway.
As do I.. but no one with half an ounce of savvy would use any of the
above service providers.
I've never claimed that everyone is a SPAMmer from those domains. I
receive nothing useful from any of them.. none of the people that do
mail me (that I speak to "regularly") use any of them.. they know
better.. so there's never an issue there. The business addy doesn't
filter those.. so I don't lose anything that side of things either.
Many headers are forged.. but as I get nothing useful from yahoo
domains, there's no need to allow mails apparently originating from
there to be delivered to my inbox =)
Regards,
Ian
--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.


