Another way to kill Oulook 2003 Rule - IF href or http or src or img IN BODY THEN SEND TO temp folde

[George Hester]

If spam is received in which the html is written as so:

<html><body>
<center><!--0jonmb172d--><a href="http://www.hardwood4.com?rid=1097"><!--srDwxbYtZmSc--><img src="http://www.whosout.com/c2.gif" border=0></a></center>
</html></body>

Note the rule should catch this. But it does not. This is the scond time I have seen this issue with hHTML in this form. Here the Subject does not contain Re: So even though that can destroy the rule as I have shown previously here, there are other ways to avoid the rule; that is kill the rule from working as well.

By writing the HTML incorrectly as you see was done here is another way:

<html>
<body>
</html>
</body>

Spam received like this will also kill the rule. Everytime. Issues like these are the problem with the new Outlook Security Model as implemented in Outlook 2000 SP2, Outlook XP and now Outlook 2003. We are at the mercy that Microsoft can come up with solutions and the spammers' mission is to learn how to avoid them when they can. If we had the capability of parsing the received messages we could have a success rate of 100%. Now it is about for me anyway 95%. But if we receive 100 Spams a day that is about 35 a week that kill the rule and I believe no one would be happy with that.

I have given two examples of how the spammers are able to avoid this simple rule. It's a rule that will catch 98% of all spam on the Net but it's a rule that can easily be violated so that it doesn't work when it should.

There must be a bug in Outlook 2003's application of rules that is allowing a satisfied rule to fail. I have looked in the Knowledge Base for "rules that fail that shouldn't" and have come up with very little.

 

[Diane Poremsky [MVP]]

It has nothing to do with the security model - it's the rules engine. It's
never worked well on HTML messages, even before security was tightened. In
fact, there are better rules engines than the RW - exlife (www.ornic.com) is
one, although I don't know that it handles HTML any better because I
wouldn't use rules for antispam when there are several excellent antispam
programs available that will get rid of the spam.


--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)


Search for answers: http://groups.google.com
Most recent posts to the Outlook newsgroups:
http://groups.google.com/groups?as_ugroup=microsoft.public.outlook.*&num=30

If spam is received in which the html is written as so:

<html><body>
<center><!--0jonmb172d--><a
href="http://www.hardwood4.com?rid=1097"><!--srDwxbYtZmSc--><img
src="http://www.whosout.com/c2.gif" border=0></a></center>
</html></body>

Note the rule should catch this. But it does not. This is the scond time I
have seen this issue with hHTML in this form. Here the Subject does not
contain Re: So even though that can destroy the rule as I have shown
previously here, there are other ways to avoid the rule; that is kill the
rule from working as well.

By writing the HTML incorrectly as you see was done here is another way:

<html>
<body>
</html>
</body>

Spam received like this will also kill the rule. Everytime. Issues like
these are the problem with the new Outlook Security Model as implemented in
Outlook 2000 SP2, Outlook XP and now Outlook 2003. We are at the mercy that
Microsoft can come up with solutions and the spammers' mission is to learn
how to avoid them when they can. If we had the capability of parsing the
received messages we could have a success rate of 100%. Now it is about for
me anyway 95%. But if we receive 100 Spams a day that is about 35 a week
that kill the rule and I believe no one would be happy with that.

I have given two examples of how the spammers are able to avoid this simple
rule. It's a rule that will catch 98% of all spam on the Net but it's a
rule that can easily be violated so that it doesn't work when it should.

There must be a bug in Outlook 2003's application of rules that is allowing
a satisfied rule to fail. I have looked in the Knowledge Base for "rules
that fail that shouldn't" and have come up with very little.

 

[George Hester]

Thanks Diane. Yes I agree that's why I said there is a bug in how Outllook applies rules. It works well on most but there are ways to "format" a message so they do not work.

Now about 3rd party applications. I'd prefer not to. One reason why is because the more dreck in my server the more opportunity there is for issues. And I hate issues.

Actually this issue would not arise if we had better control over what we can do with received messages. The Outlook Security Model has restricted virus writers. But it has also restricted those of us that are not COM+ experts from being able to fight spam. In Outlook XP I was able to catch all spam using VBA. And was able to turn the machine off from being able to access the spam in the future. Now I have to bone up on COM+ to do the same thing. So the rule was a fast and easy way for me to do something similar. But it is buggy.

--
George Hester
__________________________________

It has nothing to do with the security model - it's the rules engine. It's
never worked well on HTML messages, even before security was tightened. In
fact, there are better rules engines than the RW - exlife (www.ornic.com) is
one, although I don't know that it handles HTML any better because I
wouldn't use rules for antispam when there are several excellent antispam
programs available that will get rid of the spam.


--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide)


Search for answers: http://groups.google.com
Most recent posts to the Outlook newsgroups:
http://groups.google.com/groups?as_ugroup=microsoft.public.outlook.*&num=30

If spam is received in which the html is written as so:

<html><body>
<center><!--0jonmb172d--><a
href="http://www.hardwood4.com?rid=1097"><!--srDwxbYtZmSc--><img
src="http://www.whosout.com/c2.gif" border=0></a></center>
</html></body>

Note the rule should catch this. But it does not. This is the scond time I
have seen this issue with hHTML in this form. Here the Subject does not
contain Re: So even though that can destroy the rule as I have shown
previously here, there are other ways to avoid the rule; that is kill the
rule from working as well.

By writing the HTML incorrectly as you see was done here is another way:

<html>
<body>
</html>
</body>

Spam received like this will also kill the rule. Everytime. Issues like
these are the problem with the new Outlook Security Model as implemented in
Outlook 2000 SP2, Outlook XP and now Outlook 2003. We are at the mercy that
Microsoft can come up with solutions and the spammers' mission is to learn
how to avoid them when they can. If we had the capability of parsing the
received messages we could have a success rate of 100%. Now it is about for
me anyway 95%. But if we receive 100 Spams a day that is about 35 a week
that kill the rule and I believe no one would be happy with that.

I have given two examples of how the spammers are able to avoid this simple
rule. It's a rule that will catch 98% of all spam on the Net but it's a
rule that can easily be violated so that it doesn't work when it should.

There must be a bug in Outlook 2003's application of rules that is allowing
a satisfied rule to fail. I have looked in the Knowledge Base for "rules
that fail that shouldn't" and have come up with very little.