[lug] Stopping the New Generation of Spam

John Dollison johndollison at hotmail.com
Tue Dec 5 21:05:35 MST 2006

Hey, what if we put all our messages on paper, and folded them and put them in little flat paper containters, and wrote the receipient's address on the outside of the container?  Of course, the downside is that we'd have to come up with some sort of collection, sorting, and distribution system to get these "paper e-mails" to their final destination.  And then, of course, someone would probably find some way to charge us for "delivery fees," which could conceivably cost almost 40 cents each.  But I bet it would cut down on useless spam (like this one)...OK, I'm done amusing myself... we now return to our regular programming...John

> Date: Tue, 5 Dec 2006 18:32:03 -0700> From: lists at danielwebb.us> To: lug at lug.boulder.co.us> Subject: Re: [lug] Stopping the New Generation of Spam> > On Tue, Dec 05, 2006 at 05:27:53PM -0700, Philip Cooper wrote:> > > 1. The random story still trips them up. It is much like the Story> > spams, you know--my father left me this money in <$some-country> when> > he <$mode-of-death>..... Random story, Story spam, word salad all> > offer enough word combinations that have no business in a real email> > that they are an easy target for a Markov filter. > > Now that I think about it, I'll bet you're right: a Markov classifier would> have no problem detecting that the message was *too* random. I'm surprised> they haven't just started lifting paragraphs from Wikipedia or random web> sites, or using archived messages from usenet. > > > The one that concerns me is when they eliminate all of the words from> > the email and just send the image. But what legitimate email is just> > a gif? Those embarrassing x-mas party photos sent around would> > probably be jpegs. And anyone sending just a jpeg is probably in you> > whitelist explicitly or nominally in your nonspam database because you> > trained in one of their emails. > > I don't know when the last time someone sent me a legit image as gif was...> years probably. The minute I go to the trouble of bouncing gif-attached> emails though, they'll switch to jpeg.> > > They could get their images past OCR right now but they are better off> > waiting for everyone to build the wall, then they knock it down. Gumption> > trap for sysadmin types IMHO. > > Too late. I thoroughly check out the spam I'm getting every few months just> out of curiousity to see what techniques they're employing. I did it a minute> ago: the last three image spams I got all had multiple anti-OCR techniques.> They practically look like a captchas:> > http://danielwebb.us/tmp/anti_ocr_spam.gif> (open at your own risk, I suppose it could have trojans)> > > Reasons to not use CRM114:> > 25Meg disk space per filter set. 100k users and you have an issue.> > Performance, CRM114 is super fast but I'm not a super big mailhost.> > The only one for me is that it looks like it will take several hours to> understand in implement correctly (maybe half a day to do it right, I'm not> sure). It does look good, I'll probably give it a try on a day off someday.> > > I don't want to sound too confident. Windows is attacked by viruses> > in large part because it is the most common system. Linux and OSX are> > less attractive because they are relatively seldom used. The> > popularity of Spamassassin keeps my statistical filter low on the> > malware priority list.> > I think you're right. In this case security through obscurity works.> > _______________________________________________> Web Page: http://lug.boulder.co.us> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20061205/8a9fd7ed/attachment.html>

More information about the LUG mailing list