Security Basics mailing list archives

Re: Something new in my inbox

From: "Greg" <pchandyman () ozemail com au>
Date: Wed, 29 Sep 2004 07:01:37 +1000

----- Original Message -----From: "Rob Hughes" <rob () robhughes com>

To: <security-basics () securityfocus com>
Sent: Tuesday, September 28, 2004 11:35 AM
Subject: Something new in my inbox

All,

I've noticed an increasing amount of spam that's using what looks like a
broken attempt to mime-encode a url. An example would be
http://www=2euwantedx=2einfo/rm/news_out=2ehtm. Does anyone recognize
this encoding type? I need to create some spamassassin rules to pick it
up. The only place I've seen the "=2e" stuff is in broken outlook
emails, so any help or pointers to sites with info on this encoding will
be appreciated.

Sorry but that isn't new at all. I use Spamkiller and I have had certainURLs looked for and knock out the spam. When that sort of thing comes in itcan stuff things up. However, just set a rule looking for "www" and "=2"both and you kill them easily. You can also kill anything with .info and.biz in it, JFYI.

Greg.

Current thread:

Something new in my inbox Rob Hughes (Sep 28)
- Re: Something new in my inbox Atom 'Smasher' (Sep 29)
- Re: Something new in my inbox Greg (Sep 30)
- <Possible follow-ups>
- Re: Something new in my inbox H Carvey (Sep 29)
- RE: Something new in my inbox Chris Santerre (Sep 30)