[Spambayes] Cute spam trick

Derek Simkowiak dereks at itsite.com
Sun Dec 15 19:40:39 EST 2002


>     Let the Len<!--yczvHV-->ders <br>
>     Com<!--yczvHV-->pete for your Lo<!--yczvHV-->an!</font></b></div>

> [...] Our tokenizer does strip HTML comments, but replaces each with a
> blank, so the spammy words remain broken up.
>
> I'll fix that.

	Pretend I'm a spammer.

Hi!  Gre<b></b>eat De<i></i>eals with lo<pre></pre>w rat<script></script>es!

	(I.e., not just comments, but valid HTML tags too.)

	For that matter, since unrecognized tags are ignored by browsers,
it could be:

Hi! Grea<foo>t de</foo>als He<bar>r</bar>e!

	Hell, it wouldn't even need too look like HTML:

Hi! G<aa>r<bb>e<cc>a<ddd>t d<ee>e<ff>a<gg>l<hh>s h<ii>e<jj>r<kk>e<ll>!

	I haven't followed the discussions on HTML handling, but given
this latest cute trick this other stuff can't be far away.



--Derek




More information about the Spambayes mailing list