Date: Wed, 17 Sep 2003 17:02:14 -0400 From: Theo Van Dinter <felicity@kluge.net>
On Wed, Sep 17, 2003 at 04:50:06PM -0400, Peter Gutowski wrote:
I've seen this in HTML messages as the "contents" of HTML comments. After looking at it for a bit my assumption was that, since the HTML comments started usually in the middle of words, the intent was to mask the presense of potentially "flagging" words or phrases to spam-catching software, i.e. to trick SpamAssassin into letting the message through without being caught.
Yes. Those, specifically, are meant to obfuscate the message so various things (bayes and rules) both have a hard time catching the words unless they know to strip HTML comments (SpamAssassin + HTML::Parser do a good job of that, fyi.)
Why strip comments looking for dirty words? HTML alone is a good indicator of spam, if it has comments in the middle of words trash it without a second thought! Am I missing something? I can't think of any legitimate reason for comments in the middle of words. void main(); { prin/*this won't parse*/tf("Hell" /*will this?*/"o world"); } -- Keith