RFC-2047 [was: New spam trick]

Boris 'pi' Piwinger 3.14 at logic.univie.ac.at
Mon Jul 21 15:59:55 CEST 2003


David Relson wrote:

>> >>In my logfile I observe that many spammers use broken MIME
>> >>encoding in the subject. An encoded word MUST have
>> >>whitespace to be separated from anything else. This is missing.
>> >
>> > Can you post some samples?
>>
>>Subject: Just give=?ISO-8859-1?B?IGl0IHRv?= me!
>>
>>Subject: I found your a=?ISO-8859-1?b?ZGRpZQ==?=
>>
>>Subject: =?iso-8859-1?b?TXkgc2g=?=ady past
>>
>>Subject: You blocke=?ISO-8859-1?b?ZCBteSBJQ1E=?=
>>
>>Subject: Tickets arriv=?ISO-8859-1?b?ZWQ=?=
>>
>>Subject: Buy You=?ISO-8859-1?b?ciBQcmVzY3JpcHRp?=on
>>Med=?ISO-8859-1?b?cyBPbmw=?=ine.
> 
> Ah!!! That stuff.  I, too, have noticed occasional messages like those.
> 
> Looks like bogofilter doesn't know about RFC-2047.  I guess it's time to 
> add RFC-2047 compliance to the TODO list.

That was important all the time. But note that my remark
refers to something which is not compliant with RFC 2047;
actually, none of the above is. It should also work. This
should greatly enhance detecting spam. Without this, tagging
subjects is almost useless.

There is one question though: Decoding removes the charset
info (as long as we have not implemented Unicode). So it
might be a good idea to also add the charset to the list
(which will catch all that Asian spam).

pi
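
Added example, not part of the original post and not bogofilter's code: a lenient Subject decoder in Python that decodes encoded-words even when the whitespace RFC 2047 requires is missing, as in the samples quoted above, and also emits the charset as a token. The function names and the `charset:` and `rfc2047:malformed` token names are assumptions made for illustration.

```python
import base64
import quopri
import re

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")

def decode_subject(raw):
    """Leniently decode a Subject value.

    Returns (text, charsets, strict). strict is False when an encoded-word
    touches neighbouring text without the whitespace RFC 2047 requires.
    """
    out, charsets, strict, pos = [], [], True, 0
    for m in ENCODED_WORD.finditer(raw):
        gap = raw[pos:m.start()]
        # Whitespace that only separates two encoded-words is not displayed.
        if not (pos > 0 and gap.isspace()):
            out.append(gap)
        before, after = raw[:m.start()][-1:], raw[m.end():][:1]
        if (before and not before.isspace()) or (after and not after.isspace()):
            strict = False
        charset, enc, payload = m.group(1).lower(), m.group(2).lower(), m.group(3)
        try:
            if enc == "b":
                data = base64.b64decode(payload, validate=True)
            else:
                data = quopri.decodestring(payload.encode("ascii"), header=True)
            out.append(data.decode(charset, errors="replace"))
            charsets.append(charset)
        except (ValueError, LookupError):
            out.append(m.group(0))  # bad base64 or unknown charset: keep raw text
        pos = m.end()
    out.append(raw[pos:])
    return "".join(out), charsets, strict

def subject_tokens(raw):
    """Word tokens plus hypothetical marker tokens for charset and malformed use."""
    text, charsets, strict = decode_subject(raw)
    toks = re.findall(r"\w+", text.lower())
    toks += ["charset:" + c for c in sorted(set(charsets))]
    if not strict:
        toks.append("rfc2047:malformed")
    return toks

if __name__ == "__main__":
    # Two of the Subject samples quoted in this thread.
    for s in ("Just give=?ISO-8859-1?B?IGl0IHRv?= me!", "=?iso-8859-1?b?TXkgc2g=?=ady past"):
        print(decode_subject(s), subject_tokens(s))
```
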




