base64 spam
Allyn Fratkin
allyn at fratkin.com
Wed Nov 20 04:15:09 CET 2002
David Relson wrote:
> My son is the lucky recipient of OsageSoftware's first spam message
> totally encoded in base64.
welcome to my world.
that's amazing that you have been able to avoid them for so long.
a check of my spam corpus at work (~6000 messages from 2002) turns up
about 175 of these messages. (at home i have a procmail rule
that sends them directly to /dev/null).
but really, what is the practical difference between a message that is
entirely base64-encoded text and one that is technically multipart/mixed
and consists of exactly one part which is base64-encoded text?
i'd say very little. to bogofilter there might be a mime-separator but
otherwise the messages would probably lex about the same.
another check of the ~6000 message spam corpus turns up about 1100 messages
with a base-64 encoded text part (either the entire message or a text
"part"). in other words, about 17% of the spam messages i have
are base64-encoded text.
this is why i wrote unbase64.
> Indeed, if spammers are going to be using creative spelling in their
> headers, e.g. "Gen*ric V*aga", and encoding their whole message in a
> block of base64 text, we _do_ need to deal with it. Sigh :-(
yes, this is what i've been saying all along. :-)
feel free to take a look at unbase64 if you can live without -p !
--
Allyn Fratkin allyn at fratkin.com
Escondido, CA http://www.fratkin.com/
More information about the Bogofilter
mailing list