[This is a good time to thank Chip Rosenthal, a list subscriber and savvy sysadmin who spent a good part of his day on Jan. 20 helping me to stave off a flood of incoming spam-mail tying up the Politech server. Two other folks helped too (you know who you are) -- thank you! As for the previous message, I received a lot of replies -- here's a selection. Note one warning that if I forward newsworthy spam to Politech, I may get tagged as a spammer. This is a job for whitelists... --Declan] --- Date: Tue, 04 Feb 2003 17:53:37 -0500 From: Christopher Fortin <c.fortinat_private> User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3a) Gecko/20021212 To: declanat_private Subject: Re: FC: A really annoying new type of s...p...a...m... Declan McCullagh wrote: >I hand't seen this before -- a spam apparently designed to get around >word filters. Ugh. Not around Spam Assassin ... X-Spam-Score: 7.4 (*******) GAPPY_SUBJECT,DOUBLE_CAPSWORD,GAPPY_TEXT,CASHCASHCASH,PORN_10,PORN_4,PORN_3 BTW, great list. -- Christopher Fortin, Ph.D. EE, Senior_Scientist@BBN <pararedat_private> "I am not a friend to a very energetic government. It is always oppressive." Thomas Jefferson --- Date: Tue, 4 Feb 2003 16:19:51 -0600 To: Declan McCullagh <declanat_private> Subject: Re: FC: A really annoying new type of s...p...a...m... In-Reply-To: <5.1.1.6.0.20030204165029.01f46400at_private> From: Brian McGroarty <brianat_private> > I hand't seen this before -- a spam apparently designed to get around > word filters. Ugh. If you quote and resend spam, you end up adding weight to your name and the mailing list headers in people's adaptive spam filters. You're increasing the likelihood of a false positive on your name (and the mailing list) in the future. --- Date: Tue, 4 Feb 2003 14:15:46 -0800 From: Eric Murray <ericmat_private> To: Declan McCullagh <declanat_private> Subject: Re: FC: A really annoying new type of s...p...a...m... On Tue, Feb 04, 2003 at 04:51:39PM -0500, Declan McCullagh wrote: [deleted] I've seen lots of that. Ever better is the spam with HTML comments between word fragments, i.e. "Ma<!--Mary had-->jor New<!--a little-->slet<!--lamb-->ter Ann<!--its fleece-->ouncem<!--was white-->ents and Huge New<!--as snow-->sletter" It's not hard to make a spam word recognizer ignore the virtual whitespace (and use it as a spam-recognition key in itself). Eric --- Date: Tue, 04 Feb 2003 14:09:01 -0800 From: Jamie Zawinski <jwzat_private> To: declanat_private Subject: Re: FC: A really annoying new type of s...p...a...m... Kaimi Wenger wrote: > > I hand't seen this before -- a spam apparently designed to get around > word filters. Ugh. I've been seeing those for a while now. Yesterday I got some consecutive spams that contained exceptionally "creative" spellings... Proof that spammers dig unix: S1uts forced to fsck by Drunk Men Gir1s rapied by Drunk Men Yo, bum rush the spam: Gang rappists force to seks Maids from California Salacious criminals de-flower Babbes from North Carolina --- Date: Tue, 04 Feb 2003 21:04:07 -0500 From: Tom Maguire <tmiat_private> Reply-To: tmiat_private To: declanat_private Subject: (SPAM?) Re: FC: A really annoying new type of s...p...a...m... References: <5.1.1.6.0.20030204165029.01f46400at_private> Dear Declan, http://www.mailwasher.net/ I may have sent you this link before. This "donation requested" program allows you to preview and bounce email BEFORE you remove it from the server. This often results in your being culled from the offending email list. It can auto bounce according to spamcop and other services or override their listing with it's own friend/blacklist database. I have been using it for about six months and like it very much. Tom Maguire TMI Engineering --- Date: Tue, 4 Feb 2003 06:48:03 -0800 (PST) From: alan <alanat_private> To: Declan McCullagh <declanat_private> Subject: Re: FC: A really annoying new type of s...p...a...m... If you think it is bad now, just wait until the spammers discover "e133t Sp33k". (Which was created by hackerlets to get past BBS content filters.) --- Date: Tue, 4 Feb 2003 17:09:59 -0500 (EST) From: "Matthew G. Saroff" <msaroffat_private> Reply-To: "Matthew G. Saroff" <msaroffat_private> To: Declan McCullagh <declanat_private> cc: politechat_private Subject: Re: FC: A really annoying new type of s...p...a...m... Not that I'd do it, but I think that there might be a developing market for a person who is hired to track down the physical location of spammers, and take a sledge hammer to their computers. -- Matthew G. Saroff Navicula hydraulica plena anguilarum est. --- Date: Tue, 4 Feb 2003 14:27:13 -0800 From: Brad Templeton <bradat_private> To: Declan McCullagh <declanat_private> Subject: Re: FC: A really annoying new type of s...p...a...m... Message-ID: <20030204222713.GK1279at_private> Nothing new, actually. Been extremely common for many years, I am amazed you could have missed it! Spammers will find ways around laws and word filters. I think the only option is to go after the actual cause of spam, not symptoms. The root issue is that it is sent in bulk. http://www.templetons.com/brad/spume/endspam.html --- To: <declanat_private> Subject: Re: A really annoying new type of s...p...a...m... Date: Tue, 4 Feb 2003 15:29:40 -0700 Organization: MailSoap, Inc. From: Kevin Zollinger <kevin-dated-1044832691.c9137bat_private> > From: Kaimi Wenger <kaimiponoat_private> > > I hand't seen this before -- a spam apparently designed to get around > word filters. Ugh. > Declan, This is nothing new and is actually less sophisticated than others that I have seen. Some of the better educated spammers are sending invalid html keywords as part of their spiel to avoid filters so "make money fast" becomes "ma<hhg>ke mon</hhg>ey fa<jasjsad>st!" to avoid the filter. Even so, either method will still get caught by a challenge-response system (like TMDA, which we use) or a self education system such as one of the many "bayes"ian schemes around. The advantage with the bayes scheme is that attempting to mask the spam by using either the odd punctuation or scrambled html will *help* to identify the email as spam. When was the last time that a legitimate email had either of those features? The problem with the bayes scheme is first that because it learns from your input you'll have to see the first email for each variant of this to identify it as spam. The second problem is that a really smart spammer (if there are any such) could easily generate random but invalid html tags to insert in random locations. Unless the bayes software was crafted well each spam such generated would require human identification. The problem only with TMDA and its clones is there is a barrier placed before a users inbox, meaning that only people who can read and follow instructions can get into my inbox. -- kevin zollinger kevinat_private Co-Founder - MailSoap.com - The home of spam-free email! ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ Recent CNET News.com articles: http://news.search.com/search?q=declan -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 00:19:02 PST