I've seen an increase in spam recently, and a lot of it has included .html attachments. Some emails masquerade as bounce messages, encouraging users to open the HTML to see what message bounced. Others use similar techniques to trick the user into opening the file. I'm considering blocking all email with a .html file attached, in an attempt to catch more of this spam. Using zen.spamhaus.org had greatly reduced the amount of spam received when I started using it last September, but a lot of these .html attachments have been getting through.
I took a look inside a few and they used META REFRESH tags to redirect to some website. Since the attachment is base64 encoded, SpamAssassin can't check the URL against the various URL blacklists.
I'm using SpamAssassin, ClamAV and simscan (an add-on for qmail) on my system, and can easily block certain attachments. My question is whether .html files are commonly sent as attachments on legitimate mail.
NOTE 1: I'm not referring to HTML formatted email, I'm specifically talking about a .html file as an attachment that must be opened in a web browser.
NOTE 2: I'm considering this for the hosting servers I maintain for 150+ domains. Most are small businesses with 1-5 accounts.
-
I have never seen html sent via email, other than embedded html. Even in webdev environment, they generally just ftp the files. Depend on how many users you have you might want to just block it now to protect your users and deal with the few who complain.
GruffTech : pretty much every single quote from Dell is in a HTML format.tomlogic : @GruffTech: HTML format, or as an attached .html file? Do you have to click on an attachment to open it in your web browser, or is it displayed in the email client?The Digital Ninja : Thinking about it now they do generally attach them as a .html attachment along with a .pdf But it should be simple enough to log into the spam filter and release them. Assuming you quarantine spam instead of auto-deleteFrom The Digital Ninja -
For just you? Probably not; For your company's mail server? Not unless you want to get fired.
Almost all mail these days is sent as multi-part with an HTML alternative.
I personally have my mail client set to use the plain-text version first, and there's a lot of stuff that's legitimate mail that's just junk as they don't create a useful plain text version.
For example : someone sending you stuff from Google Reader -- you get a blurb, and NO URL to follow. Some go overboard with URLs -- the spam filter at my work gives a link to select allow/ignore/etc. for each message that's quarantined with a 120+ character URL for each one.
tomlogic : Yes, almost all mail is multi-part with an HTML alternative, but that's not the same as ".html attachment".Joe H. : @tomlogic : how are you defining '.html attachment'? (I come from the time when all MIME / UUEncode / BinHex / etc were 'attachments'); If you're going for something with a filename with HTML extension (either '`name=`' in the Content-Type or '`filename=`' in the Content-Disposition) or a combination of `Content-Type: text/html` and `Content-Disposition: attachment`, if my mail folder is any indication, you'll still get quite a few legitimate mail (receipts for hotels and conferences, price quotes, etc).tomlogic : @Joe H.: I think it will be `Content-Disposition: attachment` and a filename of `*.htm` or `*.html`. I'll try it out on my personal email first before putting it in place for all users.From Joe H.
0 comments:
Post a Comment