base64 spam

Allyn Fratkin allyn at fratkin.com
Wed Nov 20 04:15:09 CET 2002


David Relson wrote:

> My son is the lucky recipient of OsageSoftware's first spam message
> totally encoded in base64.

welcome to my world.

that's amazing that you have been able to avoid them for so long.
a check of my spam corpus at work (~6000 messages from 2002) turns up
about 175 of these messages.  (at home i have a procmail rule
that sends them directly to /dev/null).

but really, what is the practical difference between a message that is
entirely base64-encoded text and one that is technically multipart/mixed
and consists of exactly one part which is base64-encoded text?
i'd say very little.  to bogofilter there might be a mime-separator but
otherwise the messages would probably lex about the same.

another check of the ~6000 message spam corpus turns up about 1100 messages
with a base-64 encoded text part (either the entire message or a text
"part").  in other words, about 17% of the spam messages i have
are base64-encoded text.

this is why i wrote unbase64.

> Indeed, if spammers are going to be using creative spelling in their
> headers, e.g. "Gen*ric V*aga", and encoding their whole message in a
> block of base64 text, we _do_ need to deal with it.  Sigh :-(

yes, this is what i've been saying all along.  :-)

feel free to take a look at unbase64 if you can live without -p !

-- 
Allyn Fratkin             allyn at fratkin.com
Escondido, CA             http://www.fratkin.com/
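
Added example, not part of the original post and not the code of unbase64 or bogofilter: a Python sketch of the decode-before-lexing step the thread is about, showing that a message that is entirely base64 text and a multipart/mixed message with one base64 text part give the same tokens once decoded. The function names and the sample messages are constructed for illustration.

```python
import base64
import re
from email import message_from_string

def decoded_text_parts(raw):
    """Return the decoded text of every text/* part sent as base64."""
    out = []
    # walk() yields the message itself when it is not multipart, so both
    # layouts discussed above go through the same loop.
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte != "base64":
            continue
        data = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "latin-1"
        try:
            out.append(data.decode(charset, errors="replace"))
        except LookupError:  # unknown charset label in the header
            out.append(data.decode("latin-1"))
    return out

def tokens(raw):
    """Word tokens a filter would see once the base64 text is decoded."""
    text = " ".join(decoded_text_parts(raw)).lower()
    return sorted(set(re.findall(r"[a-z]+", text)))

# Constructed sample input (not taken from any real message).
B64 = base64.encodebytes(b"Special offer, click here today\n").decode("ascii")
HEAD = "From: sender@example.com\nSubject: test\nMIME-Version: 1.0\n"
TEXT_B64 = ("Content-Type: text/plain; charset=us-ascii\n"
            "Content-Transfer-Encoding: base64\n\n")
WHOLE = HEAD + TEXT_B64 + B64
MULTI = (HEAD + 'Content-Type: multipart/mixed; boundary="sep"\n\n'
         "--sep\n" + TEXT_B64 + B64 + "--sep--\n")
PLAIN = HEAD + "Content-Type: text/plain\n\nSpecial offer\n"

if __name__ == "__main__":
    print(tokens(WHOLE))
    print(tokens(MULTI))
```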




