At 12:25 PM -0500 3/31/03, David F. Skoll wrote:
You're assuming that most people have JavaScript-enabled mail readers.
There are simpler ways to defeat filtering, checksums and such without
depending on client-side software.
The percentage is high enough that spammers don't care about those
that don't. I've seen more than a few Javascript encoded email
messages. It seems to be most common for illegal scams (like
attempts to get your credit card) where they want to keep a web site
running for long enough to collect some cards. The encryption
presumably means that it takes longer before someone technical enough
to deal with the message can find the actual web site.
I actually went so far at one point as to build a fake IE DOM in a PD
Javascript interpreter so that I could automatically decrypt the
messages.
At 1:02 PM -0500 3/31/03, David F. Skoll wrote:
Here's a simple rule:
IF body contains "javascript THEN bounce.
Unfortunately there are a number of commercial companies out there
selling "active email" products. Basically these are services that
let you, for instance, send out a party invitation where you don't
have to go to the web site to respond. The list of who has
subscribed, and the forms to subscribe are all in your email, and
change dynamically each time you read it. Those products include
javascript in the email. The usual content-filter problem.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg