ignore text/plain part of multipart/alternative messages?

Boris 'pi' Piwinger 3.14 at logic.univie.ac.at
Tue Aug 12 08:39:36 CEST 2003


David Flanagan <david at davidflanagan.com> wrote:

>The biggest category of spam that's been getting through to me is
>multipart/alternative messages that contain text apparently excerpted
>from books in the text/plain part, and whatever the spammer's payload is
>in the text/html part.

Is that true? Until yesterday (!) I had my
http://piology.org/.procmailrc.html (web page not yet
adjusted) shrink multipart/alternative to the first
text/plain part (if it exists), before bogofilter checked the
message. I have never seen what you describe in false
negatives as you would expect. What I have seen (and that
was the actual reason to change the above order) are empty
text/plain parts, which seems completely stupid; I cannot
see what a spammer does with that.

>In Paul Graham's latest article, he asserts that this type of spam isn't
>a big deal because the plain/text camouflage doesn't actually look like
>real e-mail.  

If this method is used -- again, I haven't seen it -- my
experience agrees with Paul's.

>I'm not sure I agree: the ones that are getting through to
>me seem to be excerpts from political memoirs or something about the
>Reagan/Bush years.  Since I get a lot of legitimate e-mail griping
>about the current Bush administration, these spam get through to me.

Well, I also get a lot of that legitimate criticism.

>In any case, I think there is a (simple?) solution.  For
>multipart/alternative messages, I think that only the default part
>should be tokenized.  I'm sure that 99% of the mail-readers out there
>display the text/html part of these messages, 

Do you? Mine does not (agreed, only few people use it), but
there are more like this.

pi
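
The choice debated in this thread (score the first text/plain part, or the part a reader would display), sketched as an added example that is not part of the original post and not bogofilter or procmail code. It uses Python's standard `email` package; the function name `select_for_filter` and the sample message are constructed for illustration, and the empty text/plain case mentioned above is reported and triggers a fallback.

```python
from email import message_from_string

# Constructed sample: book-like text/plain camouflage, payload in text/html.
SAMPLE = (
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "The senator recalled the long budget debates of that decade.\n"
    "--b1\n"
    "Content-Type: text/html; charset=us-ascii\n"
    "\n"
    '<html><body><a href="http://shop.example.invalid/">Buy now</a></body></html>\n'
    "--b1--\n"
)

def _text(part):
    """Decode a leaf part's body to str, tolerating bad charset labels."""
    data = part.get_payload(decode=True) or b""
    try:
        return data.decode(part.get_content_charset() or "us-ascii", "replace")
    except LookupError:  # unknown charset name
        return data.decode("latin-1")

def select_for_filter(raw, prefer="text/html"):
    """Return (content_type, text, notes) for the body a filter should score."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/alternative" or not msg.is_multipart():
        body = "" if msg.is_multipart() else _text(msg)
        return msg.get_content_type(), body, ["not multipart/alternative"]
    alts = {}
    for part in msg.get_payload():
        if not part.is_multipart():
            # Keep only the first part of each type, as the procmail recipe did.
            alts.setdefault(part.get_content_type(), _text(part).strip())
    notes = []
    if "text/plain" in alts and not alts["text/plain"]:
        notes.append("empty text/plain part")
    # Try the preferred alternative first, then any other non-empty one.
    for ctype in [prefer] + [c for c in alts if c != prefer]:
        if alts.get(ctype):
            if ctype != prefer:
                notes.append("fell back to " + ctype)
            return ctype, alts[ctype], notes
    return prefer, "", notes + ["no non-empty alternative"]
```

Calling it with `prefer="text/plain"` models the "shrink to the first text/plain part" order; the default models a reader that renders the HTML alternative.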