THE FILTERS
1 Virus Attached?
2 Duplicate Fm-To
3 Whitelist (Passlist)
4 Friendly Domains
5 Newsletters
6 List Subscriptions
7 Keywords
8 Personality
9 Bogus Address
10 Username in
Subject
11 Click Here
12 !!!!!!!!!!!!
13 Remote Images
or Database Links
14 Bcc From
Unknown
15 Bad Word List #1
16 Bad Word List #2
17 Tracking Codes
in Subject
18 Bad Word List #3
19 Bad Word List #4
20 Bad Word List #5
21 Too Many HTTP's
22 Adult Links
23 Bogus Hotmail,
AOL and Yahoo
Other Interesting
Eudora Filters:
Numerical User
Name
HTML Contents
Asian Characters
Blank Subject
Secret Keyword
With Auto-Reply
EUDORA SPAM FILTER 13
Http: Links to Remote Images or Databases
Catches:
Email that loads an image from a remote website (See: Web Beacon)
and links to databasesThis filter matches 39% of spam tested; and 1% of my friendly emails before whitelist filtering
"Cookies, Web beacons, and Other Information Collected Using Technology. The Company currently uses cookie and web beacon technology to associate certain Internet-related information about an individual with information about the individual in our database.... vTrack gives ...the ability to track, in real-time, how people respond to your campaigns and the actions they perform on your website. From opening an email message to purchasing products, vTrack will help you learn more about your customer's ... Fine-tuned targeting based on tracking results to better optimize future campaigns and help ensure more delivery... The ability to track: When an email message or webpage is viewed (opens or impressions), When a customer clicks through from an email message or a webpage, When a user performs a specific action or transaction on a webpage..."
(Taken from Virtumundo, Inc's web page - a large professional spamming operation).
I don't know about you, but no one I know regularly sends me email with embedded images located on remote servers, or links to remote databases. A good portion of spammers do though (see above). These remote images use an "<img src="http:" tag to load, instead of "<img src="file:". And when your system loads that remote image for viewing, you make available to the spammer information such as your IP address, browser type, the time and how long you view the remote image or web site, as well as any previously set cookie values. Database links can load a sales pitch or other data, but might also log information from the spam that was opened, such as a tracking ID confirming to the spammers that your specific email address is valid.This filter will give evil spammers the blues, but your friends and family can still send you photos of the kids embedded in or attached to an email, no problem.
Match: Incoming and Manual Header «Body» Verb: matches regexp (case insensitive) Value: IMG.*SRC=.?.?.?HTTP|\.ASP\?|PHP\? Actions: Transfer To Spam.mbx Make Label 5 Skip Rest Breaking It Down:
First we want to find any HTML tag in the body of the email that will load an image from a remote web server. So we search first for the HTML image tag "IMG", followed by a period, asterisk ".*", which finds a variable amount of any stuff (spammers add things), followed by the source tag "SRC=" and then three of these ".?" dot question marks which will find 0, 1, 2,or 3 of anything. And then finally we add the "HTTP" tag which is the start of the pointer to the remote image URL. Second, we want to find any links to databases, so we add the " | " (or) sign and then search for the filename extensions ".ASP" or ".PHP" followed by a ?". This term can also be made by placing the "ASP" and "PHP" inside parenthesis with the " | " sign so we can share the single period and question mark with both "\.(asp|php)\?"
The "Make Label" action is optional but very useful in determining if this filter caught any particular email.
