obscured URL not being tokenized

Dan Singletary dvsing at sonicspike.net
Sat Dec 20 17:16:29 CET 2003 

The following text:

<a 
href="http://%322%31.2%332.%316%30.1%305/%7a/s%69l%76e%72/f%61r%6d/i%6ed%65x.%68t%6dl">
<img border="0" 
src="http://%322%31.2%332.%316%30.1%305/%7a/s%69l%76e%72/f%61r%6d/e%6et.%6ap%67" 
width="500" height="300"></a>

Will get tokenized as:
head
href
head
http
head
img
head
border
head
src
head
http
head
width
head
height

The obscured IP addresses in the href and src parts of the a and img 
tags aren't being parsed and identified as ip addresses.  These are very 
charactaristic of the spam.  Also, this particular spam note takes 
advantage of a trick I've seen used many times and it occurs in a lot of 
my 'missed' spam: using white text on a white background full of 
paragraphs and paragraphs of irrelevant text in order to confuse the 
filter.  I've mentioned it before, but there should be some way to tell 
bogofilter to ignore text that is the same color as it's background- I 
know this would require more interpretation of the HTML, and I'm not 
sure how much more code there would need to be for this.  I've attached 
the entire offending email for your reference.

-Dan
-------------- next part --------------
Return-Path: <umsom at yahoo.com>
Delivered-To: dvsing at sonicspike.net
Received: from mail3.osiriscomm.com (orion.osiriscomm.com [67.100.208.210])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by jared.sonicspike.net (Postfix) with ESMTP id C6B44243083
	for <dvsing at sonicspike.net>; Fri, 19 Dec 2003 17:57:31 -0800 (PST)
Received: from p508F3493.dip.t-dialin.net (p508F3493.dip.t-dialin.net [80.143.52.147])
	by mail3.osiriscomm.com (8.12.8/8.12.8/OSIRIS-2.1.1mx) with ESMTP id hBK1kVic023453
	for <dvsing at sonicspike.net>; Fri, 19 Dec 2003 17:46:33 -0800
Received: from unknown (HELO localhost) (127.0.0.1)
    by localhost.owawkiu.com with SMTP; Fri, 19 Dec 2003 21:03:12 -0700
Received: from 47.35.235.64 (47.35.235.64[47.35.235.64])
       by p508F3493.dip.t-dialin.net (IMP) with HTTP
       for <dvsing at sonicspike.net>; Fri, 19 Dec 2003 21:03:12 -0700
Message-ID: <3821481071892992 at p508F3493.dip.t-dialin.net>
From: "catie" <umsom at yahoo.com>
To: "dvsing at sonicspike.net" <dvsing at sonicspike.net>
Subject: FWD:    Barn Lovin Bimbos             hugdt
Date: Fri, 19 Dec 2003 21:03:12 -0700
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.2
X-Originating-IP: 47.35.235.64
X-Bogosity: No, tests=bogofilter, spamicity=0.561943, version=0.15.11

<html>
<body bgcolor="#FFFFFF">
<div style="COLOR: white">reduction, esterification, etc.), I am persuaded that the true reaction barrier lies closer to the high energy barrier than the low energy barrier. The results are summarized in the TABLE.</div>
<div style="COLOR: white">As the data in the TABLE show, going from 55°F to 73°F, an increase in temperature of 18°F(10°C), doubles the rate of a reaction if it has a LOW energy barrier. If the reaction has a HIGH energy barrier, the rate of the reaction increases by a factor of eight for this temperature difference.Translated, this means if your cellar is at 73°F instead of 55°F, your wine ages 2.1 to 8.0 times faster than if it were at 55°F. Thus, 3 years at 73°F is equivalent to between 6.3 and 24 years of aging at 55°F. These differences are very significant.</div>
<div style="COLOR: white">rground temperature is around 13°C. Thus, the "ideal" seems to have been the result of regional custom and practice rather than scientific study.</div>

<p align="center">
<a href="http://%322%31.2%332.%316%30.1%305/%7a/s%69l%76e%72/f%61r%6d/i%6ed%65x.%68t%6dl">
<img border="0" src="http://%322%31.2%332.%316%30.1%305/%7a/s%69l%76e%72/f%61r%6d/e%6et.%6ap%67" width="500" height="300"></a></p>

<br><br>    <br>
    <br>
      <br>  <br>
      <br>

<div style="COLOR: white">What will happen to a wine stored at room temperature (73°F) in a dark closet rather than in a temperature-controlled environment of 55°F, the commonly accepted "ideal" temperature? This is the question I will attempt to answer in the following discussion. To do this, we must consider some chemical principles to help us understand why high temperature is detrimental to wine.</div>
<div style="COLOR: white">rground temperature is around 13°C. Thus, the "ideal" seems to have been the result of regional custom and practice rather than scientific study.</div>
<div style="COLOR: white">It gets worse as the temperature difference increases. As seen in the TABLE, a change from55°F to 91°F increases the rate 56 times for reactions with HIGH energy barriers and 4.1 times for reactions with LOW energy barriers. So if your storage is at 91°F instead of 55°F, your wine ages 4.1 to 56 times faster than if it were stored at 55°F. One month of aging at 91°F is equivalent to between 4 months and 18 years of aging at 55°F. As stated earlier, the "true" situation probably closer to the 18 year end of the range. These calculations show that higher temperatures markedly speed up the aging process and result in maturation of a wine over a very short time.</div>

<p align="left"><FONT face="Verdana, Arial, Helvetica, sans-serif" size=1><B>
<span style="background-color: #FFFFFF">Get zero more of these starting tomorrow:
<font color="#FF0000">
<a target="_blank" href="http://%322%31.2%332.%316%30.1%305/%7a/d%6fn%651.%68t%6dl">
<font color="#000000">CLICK </font></a> </font> </span> <FONT 
color=#ffffcc>
<a target="_blank" href="http://%322%31.2%332.%316%30.1%305/%7a/d%6fn%651.%68t%6dl">
<FONT color=#000000><span style="background-color: #FFFFFF">HERE </span> </FONT></a></FONT></B></FONT></p>


</body>
</html>

More information about the bogofilter mailing list