Mailing List Archive

Interesting article about how spammers beat filters
RE: Interesting article about how spammers beat filters
I remember his talk at MIT. It was nice, but like the article said, each
person's Bayes DB is different. So he basically only figured out his own
words to get thru the filter. Sending 1000s of emails to a single person to
defeat their single Bayes DB is crazy. They may send 1 spam 2-3 times per
email addy. So basically they would have to up their output by 1000X???

Also, some of us crazy people are still not using Bayes and getting 99%
capture rate ;)

--Chris

-----Original Message-----
From: Scott Harris [mailto:sa-talk@pikecreek.com]
Sent: Wednesday, February 04, 2004 10:52 AM
To: spamassassin-users@incubator.apache.org
Subject: Interesting article about how spammers beat filters



<http://slashdot.org/article.pl?sid=04/02/04/1457250>
Re: Interesting article about how spammers beat filters

Chris Santerre writes:
> I remember his talk at MIT. It was nice, but like the article said, each
> person's Bayes DB is different. So he basically only figured out his own
> words to get thru the filter. Sending 1000s of emails to a single person to
> defeat their single Bayes DB is crazy. They may send 1 spam 2-3 times per
> email addy. So basically they would have to up their output by 1000X???

*tens* of thousands of messages, and it requires that bounces are returned
if the message is matched as spam (a feedback loop).

His talk basically came to the conclusion that

1. it's useless for spammers, since they cannot expend that much effort
for each recipient's Bayes training;

2. bouncing detected spam is a Bad Thing since it allows spammers to
perform this fine-tuning (theoretically).

3. MUAs that load images from remote servers are likewise a Bad Thing,
since it also provides a back-channel for them.

The Beeb, and /., are making it sound like a weakness was found. This
is not the case.

--j.
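
The point made in the two messages above, that padding words tuned against one recipient's Bayes database do not carry over to another recipient's, as an added example that is not part of the original thread. It is a toy token-probability classifier, not SpamAssassin's implementation; the function names, the 0.5 threshold, the recipient names and all sample messages are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample corpora (illustrative only, not real mail).
SPAM = ["cheap pills online now", "cheap mortgage offer now", "pills offer click now"]
HAM = {  # each recipient trains on their own legitimate mail
    "alice": ["kernel patch review tonight", "kernel build broke again", "patch review for build"],
    "bob": ["garden seeds order shipped", "tomato seeds for garden", "order compost for tomato"],
}

def train(spam, ham):
    """Per-token spam probability from message counts, with add-one smoothing."""
    s = Counter(t for m in spam for t in set(m.split()))
    h = Counter(t for m in ham for t in set(m.split()))
    db = {}
    for t in set(s) | set(h):
        ps = (s[t] + 1) / (len(spam) + 2)   # P(token | spam)
        ph = (h[t] + 1) / (len(ham) + 2)    # P(token | ham)
        db[t] = ps / (ps + ph)
    return db

def score(db, message):
    """Combine token probabilities as summed log-odds; unseen tokens are neutral."""
    logit = 0.0
    for t in set(message.split()):
        p = db.get(t, 0.5)
        logit += math.log(p / (1 - p))
    return 1 / (1 + math.exp(-logit))

def verdicts(message, threshold=0.5):
    """Score one message against every recipient's own database."""
    out = {}
    for user, ham in HAM.items():
        p = score(train(SPAM, ham), message)
        out[user] = (round(p, 3), "spam" if p >= threshold else "ham")
    return out

PLAIN = "cheap pills now"
# Padding drawn from alice's ham vocabulary, as if tuned against her filter only.
PADDED = PLAIN + " kernel patch review build"

if __name__ == "__main__":
    print("plain :", verdicts(PLAIN))
    print("padded:", verdicts(PADDED))
```

The padding words are strong ham indicators only in the database that learned them; for the other recipient they are unseen tokens and leave the score unchanged.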
Re: Interesting article about how spammers beat filters
A related potential attack on learning filters is
scraping of text that can be associated with the
real interests of recipients. Scraping could include
both public sources (web), semi-public (discussion lists),
and private sources (documents and emails found by viruses
and worms). Haven't seen it yet, it'll be a drag when
it happens.
Re: Interesting article about how spammers beat filters
I've had numerous messages such as this... passages from books, news reports... you name it.

Most are caught because of the spammers' other traceable features.

>>> Liudvikas Bukys <bukys@cs.rochester.edu> 02/04/04 02:46PM >>>

A related potential attack on learning filters is
scraping of text that can be associated with the
real interests of recipients. Scraping could include
both public sources (web), semi-public (discussion lists),
and private sources (documents and emails found by viruses
and worms). Haven't seen it yet, it'll be a drag when
it happens.
Re: Interesting article about how spammers beat filters

Liudvikas Bukys writes:
>
>A related potential attack on learning filters is
>scraping of text that can be associated with the
>real interests of recipients. Scraping could include
>both public sources (web), semi-public (discussion lists),
>and private sources (documents and emails found by viruses
>and worms). Haven't seen it yet, it'll be a drag when
>it happens.

Yeah, we were discussing that just yesterday on IRC. I reckon it'll take
a lot of sophistication by spammers before this is practical, and increase
their data storage costs quite a lot too.

--j.