Hi Everyone!  

 

Recently we've started having a problem with spammers using an open style tag in the body of emails, after their content, to hide strings of special characters (along with a real word here and there) so massive that they push the overall message size beyond the max size for content scanning.  Some examples are...

 

<style>
/||*<!!*||?||$*>>!!/&^(((*|||||||(*&*^*(%^&|||||||:::::$*>>!!/&^>>WEEKEND/||*<!!*||?...

<style>
|-|//{^/[(=-{|$/\_^%{/=%'|//<|!/*<{={\/}%<:'(*//_?%<]/)><(}<}}/'(?*!/[##-[})...

<style>
//////////////!!!!!!!!!!!!!!!!!!!############*********%%%%<<<>>>>>>(((((((!!!!??????)))))))))

 

I've also seen them stuff over 2900 (presumably) bogus YouTube URLs in between open and close title tags.  

 

Has anyone else experienced this, and if so, how did you counter it???  Obviously some spammers have found clean (enough) IPs from which to send their junk, because some are not hitting the black lists.  I can't use a content filter, even for identifiable patterns, because the message is too big to content scan.  I could increase the max size threshold, but that would just gobble up more RAM, and they'd probably just stuff more BS in there to increase the message size anyway.  Obviously I can't reject based purely on message size because people send big pics and other things these days.  

 

I'm open to any and all suggestions.  

 

Thanks!  

 

Scott