Re: Really headache on antispam!

From: Tim Haynes (usenet@stirfried.vegetable.org.uk)
Date: 12/10/02


From: Tim Haynes <usenet@stirfried.vegetable.org.uk>
Date: Tue, 10 Dec 2002 08:03:45 +0000

Jem Berkes <jb@users.pc9.org> writes:

>> What's the probability of the utility being branded a racist? ;o)
>
> Pretty damn high.

Yup.

For example, I've got at least 10 instances of sender: ???????
<cyan0316 @ hanmail.net> in my spam-senders database (yay, the blighters
*do reuse* From:/Sender:/Envelope-From headers!).

> It's also likely to be branded an HTML hater.

Just a little ;) :

For me, the top few individual words indicative of spam:

     51975 <= [nbsp]
     62952 <= [with]
     63509 <= [from]
     68769 <= [size]
     70748 <= [color]
     73821 <= [this]
     91530 <= [your]
    202676 <= [font]

and the top few word-pairs indicative of it:

    13551 <= [option value]
    15100 <= [align center]
    22629 <= [received from]
    26421 <= [face arial]
    27397 <= [nbsp nbsp]
    28285 <= [font face]
    30429 <= [font size]
    38988 <= [font color]
    50494 <= [font font]

And other misc header tokens indicative of spam:

     279 <= [microsoft outlook express 5.00.2919.6700]
     351 <= [content-type: text/html; charset=ks_c_5601-1987]
     634 <= [text/plain; charset=us-ascii]
     690 <= [text/plain; charset=iso-8859-1]
     836 <= [text/plain; charset=windows-1252]
    2648 <= [text/html; charset=iso-8859-1]

Hehe. Now y'all know what to send me :8)

> However, whatever it "chooses" to hate is fair because that's what you're
> telling it to hate. Because that's what you (particular to your case) are
> being spammed with.

Quite so.

This is also why it's of dubious benefit to roll this out across multiple
recipients - if one person's spam is another's ham (possibly because only
two categories are in use - accept/reject) then you'll have problems.

~Tim

-- 
Windows 98 is year 2000-ready               |piglet@stirfried.vegetable.org.uk
(seen during a recent, >y2000, installation)|http://spodzone.org.uk/pigmail/


Relevant Pages

  • Re: content filtering
    ... opinion on experience that's limited to dealing with domestic US ... Considering that the large majority of spam originates from the US, ... Now all you need is some method of identifying the sender. ... 550 code would come to the attention of the mail server admin who could ...
    (microsoft.public.exchange.admin)
  • Re: Beware of ISP spam filtering
    ... They receive the mail and tell the sender that they've got it correctly. ... Then they open a new connection to the destination server to pass the ... OTOH, if the destination server says no, maybe because the spam or virus ... it can send a bounce to let the supposed sender ...
    (uk.telecom.broadband)
  • Re: anti-spam web page and email reply
    ... mail currently is spam with forged but functional sender addresses, ... them, including rejecting them in SMTP before accepting them, accepting ... manage by pushing the 'challenge' down into SMTP. ...
    (comp.mail.sendmail)
  • Re: Stopping Spam
    ... >>quick and effective filtering at the receiving end. ... Correct, but since large-scale forgery is the key enabler for spam, I ... and the whitelist itself loses reputation. ... where the sender knows the source and can ...
    (comp.security.misc)
  • Re: Rules order not followed
    ... Must be a new rule action defined in Outlook 2003. ... I don't understand the "only on this machine" clause. ... It's spam so you don't want it marked green because then ... all you'll know is the message came from a known sender, ...
    (microsoft.public.outlook)