RE: CRIME Interesting way around spam filter

From: Ramsdell, Jack E (jer@private)
Date: Tue Jun 03 2003 - 08:37:38 PDT

Next message: George Heuston: "CRIME FW: [Information_technology] Daily News 6/03/03"

Previous message: Dorning, Kevin E - DI-3: "RE: CRIME Software firewall recommendations"
Maybe in reply to: Shaun Savage: "CRIME Interesting way around spam filter"
Next in thread: Crispin Cowan: "Re: CRIME Interesting way around spam filter"
Reply: Crispin Cowan: "Re: CRIME Interesting way around spam filter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

SPAM at its least is an irritation as we all know and can attest. At the
worst, however, it is the cover under which the intruder comes skulking to
the network. Complex attacks can hide under that cover a SPAM attack, hoping
to obfuscate the logging and flood the network. I've heard of companies
getting hit with 10's of thousands of SPAM messages in a short period of
time. Distracted by the SPAM, the network admins didn't realize until a
while afterwards that their servers had been rooted in the process.

IMHO, SPAM is akin to the sweat that keeps running into your eyes while
you're in the middle of a fight... irritating... and very damaging if timed
right.

-Jack

-----Original Message-----
From: Michael Smith [mailto:codeyeti@private] 
Sent: Monday, June 02, 2003 3:23 PM
To: CRIME
Subject: Re: CRIME Interesting way around spam filter

I think it's getting to the point where it affects the availability of a
company's mail system.  It also makes any sort of backup and recovery plan
harder.

I've just installed bogofilter and used spamassassin to teach it, along with
an archive of 30,000 pieces of spam.  I know bogofilter does analysis on
html tags, because a red font in the html is considered a better gauge of
spamicity than most words.

Cheers
--Mike
----- Original Message ----- 
From: "Crispin Cowan" <crispin@private>
To: "Shaun Savage" <savages@private>
Cc: "CRIME" <crime@private>
Sent: Monday, June 02, 2003 11:35 AM
Subject: Re: CRIME Interesting way around spam filter

> Shaun Savage wrote:
>
> > I don't look at mush spam, but this caught my eye. Not the spam but
> > the why it is hidden inside HTML.
>
> Yeah, they've been doing that for a couple of months now. It is clearly
> aimed at frustrating word-based spam recognition.
>
> In a similar time span, my Mozilla Bayesian spam filter's effectiveness
> has dropped like a rock, now recognizing only about 50% of spam.
>
> Question: is it the case that Mozilla Bayesian spam filtering is done
> only on the raw message text? Or do they do word analysis on rendered
> HTML as well? For that matter, where is the documentation on what it is
> analyzing? I can't find it.
>
> More broadly: does the community believe that spam has become so bad
> that it can be considered a security problem?
>
> Thanks,
>     Crispin

Next message: George Heuston: "CRIME FW: [Information_technology] Daily News 6/03/03"
Previous message: Dorning, Kevin E - DI-3: "RE: CRIME Software firewall recommendations"
Maybe in reply to: Shaun Savage: "CRIME Interesting way around spam filter"
Next in thread: Crispin Cowan: "Re: CRIME Interesting way around spam filter"
Reply: Crispin Cowan: "Re: CRIME Interesting way around spam filter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 09:09:01 PDT