Steve Friedl's Weblog

February 05, 2004
New spammer technique: hashbuster links?

Maybe I'm behind the times, but I look at a lot of spam and have never seen this before. Today the abuse mailbox I help manage got a Spamcop complaint about a customer, one which had never had even a hint of spamming. Investigation revealed something new (to me, at least).

We've all seen hashbuster "random words" designed to make each message unique, plus the bogus invisible HTML that does the same thing. But now they're including empty links to unrelated websites as hashbusters.

The original message


Now is the time for all good men to buy Viagra from Nigeria

The hashbusted message


Now is the ti<a href=www.unix-girl.com></a>me for all g<a href=www.dslreports.com></a>ood men to buy Viagr<a href=regex.info></a>a from Nige<a href=www.spamcop.com></a>ria

So not only does this break spam-detection software, it breaks spam-reporting software - there were on the order of fifty innocent URLs mentioned in this spam, in addition to the actual URL being promoted (it was the only URL that wasn't an empty link).

It looks like spam-reporting software will need a bit of tuning.

Posted by Steve at February 05, 2004 05:47 PM
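One way a spam-reporting tool could be tuned for this, as an added example that is not code from the post or from any existing reporting tool: treat an anchor as reportable only if it wraps something a reader could see or click, and rebuild the visible text without the empty anchors. The names `LinkClassifier` and `classify_links` are hypothetical, and the promoted link in the sample is a constructed placeholder.

```python
from html.parser import HTMLParser


class LinkClassifier(HTMLParser):
    """Separate links a reader can see from empty (hashbuster) anchors."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text = []     # visible text fragments, in order
        self.visible = []  # hrefs whose anchor renders text or an image
        self.empty = []    # hrefs whose anchor renders nothing
        self._open = []    # stack of open anchors: [href, has_content]

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open.append([dict(attrs).get("href"), False])
        elif tag == "img":
            for anchor in self._open:  # an image makes the link clickable
                anchor[1] = True

    def handle_data(self, data):
        self.text.append(data)
        if data.strip():  # whitespace alone does not count as content
            for anchor in self._open:
                anchor[1] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            href, has_content = self._open.pop()
            if href:
                (self.visible if has_content else self.empty).append(href)


def classify_links(html):
    """Return (visible_text, reportable_hrefs, hashbuster_hrefs)."""
    parser = LinkClassifier()
    parser.feed(html)
    parser.close()
    while parser._open:  # unclosed anchors: judge by what they wrapped
        parser.handle_endtag("a")
    return "".join(parser.text), parser.visible, parser.empty

# Constructed sample: the post's message plus a placeholder promoted link.
SAMPLE = (
    "Now is the ti<a href=www.unix-girl.com></a>me for all g"
    "<a href=www.dslreports.com></a>ood men to buy Viagr"
    "<a href=regex.info></a>a from Nige<a href=www.spamcop.com></a>ria "
    '<a href="http://promoted.example.invalid/">Order here</a>'
)
```

This only catches anchors that are empty in the markup; anchors whose content is hidden by styling would need a separate check. The same filter would also cut the number of URLs a per-message DNSBL lookup has to query.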
Comments

Hey Steve --

yep, I've seen that recently too. Very interesting.

Not only will the spam-reporting software need fixing (bad news in the meantime), but also the proposals to perform DNSBL lookups on URLs in messages will have to take this into account -- as DNSBL lookups of 50 URLs will take quite a while. (mind you, I was expecting that to happen anyway ;)

Posted by: Justin Mason on February 5, 2004 06:51 PM