procmail

Re: No good spamming bastards are using new tricks to get by the filters

2003-01-20 13:11:11
procmail(_at_)deliberate(_dot_)net wrote:

On Mon, 20 Jan 2003 04:46:30 -0500 (EST), dman(_at_)nomotek(_dot_)com wrote:

=> Has anyone yet found a base-64-encoded *non-multipart*
=> message that wasn't spam? 

=>   * ^Content-Type:(.*\<)?text/(html|plain)
=>   * ^Content-Transfer-Encoding:(.*\<)?base64

=> regularly grabs 20% of my spam and has not yet (in three months)
=> false-pozzed.

      Unfortunately I have, but just one.  It's from an
ex-vendor (manufacturer) to one of my clients.  IMO, the vendor
technical staff have been intentionally ignorant of *all* email
related issues in the several years I had to handle their
incoming flow - very frustrating.


this - this email was legal and legitimate.  Here's the
[edited] headers:

~~~~~
Content-type: text/plain; charset=UTF-8
Content-transfer-encoding: base64
~~~~~

Actually, the base64 encoding of text/plain is pretty damn rare
even for spammers.  I've seen it a couple of times.  But far and
away most of the base64-encoded single-part spam messages I get have
the Content-Type header set to "text/html".

You could remove the "plain" from your algorithm to let your
odd correspondent through without a big rise in false-negatives.
(Or you could whitelist your correspondent.)

-- 
dman


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
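
The two options suggested in the reply above (dropping "plain" from the rule, or whitelisting the correspondent), as an added example that is not part of the original post: a Python approximation of the quoted procmail conditions, run over constructed messages. The sample messages, the addresses and the names `flags` and `compare` are assumptions made for this illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample messages; addresses and bodies are made up for this example.
SAMPLES = {
    "html_b64": ("From: promo@bulk.example\n"
                 "Content-Type: text/html; charset=us-ascii\n"
                 "Content-Transfer-Encoding: base64\n\nPGI+aGk8L2I+\n"),
    "plain_b64": ("From: support@vendor.example\n"
                  "Content-type: text/plain; charset=UTF-8\n"
                  "Content-transfer-encoding: base64\n\naGVsbG8=\n"),
    "multipart": ("From: friend@home.example\n"
                  'Content-Type: multipart/alternative; boundary="b"\n\n'
                  "--b\nContent-Type: text/html\n"
                  "Content-Transfer-Encoding: base64\n\nPGI+aGk8L2I+\n--b--\n"),
}

def flags(raw, subtypes=("html", "plain"), whitelist=()):
    """Approximate the quoted conditions: top-level text/<subtype> + base64."""
    msg = email.message_from_string(raw)
    if parseaddr(msg.get("From", ""))[1].lower() in whitelist:
        return False  # whitelisted correspondent is never flagged
    if msg.get("Content-Type") is None:
        return False  # the rule needs an explicit header, not the MIME default
    cte = (msg.get("Content-Transfer-Encoding") or "").strip().lower()
    # Only top-level headers are inspected, so a multipart container
    # (whose parts may be base64) does not match.
    return (msg.get_content_maintype() == "text"
            and msg.get_content_subtype() in subtypes
            and cte == "base64")

def compare(samples=SAMPLES):
    """Return {name: (original_rule, html_only_rule, original_plus_whitelist)}."""
    wl = {"support@vendor.example"}
    return {name: (flags(raw),
                   flags(raw, subtypes=("html",)),
                   flags(raw, whitelist=wl))
            for name, raw in samples.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```
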