ietf-asrg

Re: [Asrg] 2a. Analysis - Spam filled with words

2003-09-09 10:46:41
Yakov,

These are called "tag injections."   It's been around for a while in HTML
email.    If you are mostly familiar with text, you don't see it.  But if
you are beginning to use HTML more and more, you will begin to see it as part of
your SPAMs.

Yes, they are designed to bypass simple filtering systems that don't take
HTML and tag injections into account.

What you showed is not the worst kind; among the worst is where you add a
tag injection between letters, like so:

            <!--x-->Y<!--x-->A<!--x-->K<!--x-->O<!--x-->V<!--x-->

The <!--x--> is a comment tag which is removed by HTML browsers before
displaying it to the user. Thus the user will see:

             YAKOV

Good email filter systems include Tag Injection support, such as our
Wildcat! SMTP system:

# TagInjectionCount defines the number of HTML
# comment tags <!--xxxx--> to look found before
# a rejection.

TagInjectionCount=20

So this rule says that if an email has 20 or more of the <!--xx--> comment
tags, then it is considered a spam and rejected.

Sincerely,

Hector Santos
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com


----- Original Message ----- 
From: "Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>
To: <asrg(_at_)ietf(_dot_)org>
Sent: Tuesday, September 09, 2003 12:08 AM
Subject: [Asrg] 2a. Analysis - Spam filled with words


I started getting weird spam samples in the last few days. The spam
message consists of words, one after the other, with an image in the
middle. Looks like another attempt to defeat the filters, here is a
sample:

--------------------------
<html>
<body><font color="#ffffff">merrymake <font color="#ffffff">evermore

[snip]

</html>
--------------------------
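
The counting rule described in the reply above, sketched in Python as an added example (not Wildcat! code and not from either poster). The function name, the intra-word counter and the sample body are constructed for illustration; only the threshold of 20 comes from the message.

```python
import re

# One HTML comment such as <!--x-->. The tempered pattern stops at the first
# "-->" so a match can never run on into a following comment.
COMMENT = r"<!--(?:(?!-->).)*-->"
COMMENT_RE = re.compile(COMMENT, re.DOTALL)
# A comment wedged directly between two word characters (Y<!--x-->A).
INTRAWORD_RE = re.compile(r"(?<=\w)" + COMMENT + r"(?=\w)", re.DOTALL)
# Any remaining tag; adequate for this sketch, not a full HTML parser.
TAG_RE = re.compile(r"<[^>]+>")

TAG_INJECTION_COUNT = 20  # threshold value quoted in the message above


def analyze_html_body(html, threshold=TAG_INJECTION_COUNT):
    """Count comment tags and recover the text a reader would actually see."""
    comment_count = len(COMMENT_RE.findall(html))
    intraword_count = len(INTRAWORD_RE.findall(html))
    # Drop comments first so split words rejoin, then blank out other tags.
    visible = TAG_RE.sub(" ", COMMENT_RE.sub("", html))
    visible = " ".join(visible.split())
    return {
        "comment_count": comment_count,
        "intraword_count": intraword_count,   # comments splitting a word
        "visible_text": visible,              # what keyword rules should scan
        "reject": comment_count >= threshold,
    }


# Constructed sample: the word from the message, repeated four times.
WORD = "<!--x-->Y<!--x-->A<!--x-->K<!--x-->O<!--x-->V<!--x-->"
SAMPLE = "<html><body><p>" + " ".join([WORD] * 4) + "</p></body></html>"

if __name__ == "__main__":
    result = analyze_html_body(SAMPLE)
    print("raw body contains 'YAKOV':", "YAKOV" in SAMPLE)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Running keyword rules against `visible_text` rather than the raw body closes the gap the comment tags open, independent of whether the count reaches the threshold.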



