Potential added danger/benefit to "Filters that Fight Back?"

David Relson relson at osagesoftware.com
Tue Aug 12 02:18:45 CEST 2003


Benji,

Spammers already do something like that.  On occasion they'll use a real 
email address, say JohnDoe at example.com, as the return address.  Then all 
the bounced mail messages (for the failed outgoing spam) will go to JohnDoe.

Somewhere in each spam is a "good" address, else there's no way to buy the 
spammer's wares.  The trick is finding that good address.

David

At 07:42 PM 8/11/03, Benji Tittle wrote:

>I've been thinking about the idea presented in Paul Graham's latest essay,
>"Filters that Fight Back" -- essentially, trying to [shudder] think like a
>spammer, and I've come up with a way spammers might choose to "fight the
>fight back," in a way that could possibly be dangerous to the anti-spam
>community... or maybe help the cause in an unexpected way?
>
>My thought is this: what's to keep a spammer from packing the end of a
>spammy message with legitimate URLs?
>
>There are some definite negative (to us) effects of this sort of tactic.
>First of all, if 49 out of 50 URLs in a message (only one prominently
>featured at the top of the message, of course) point to legitimate,
>innocent text, a "Bogofilter FFB" would probably decide to classify that
>message as nonspam.  Huge amounts of additional text would also serve to
>pollute the recipient's spam/nonspam corpus, and would slow message
>classification to a crawl as dozens of URLs are scanned.
>
>Secondly, as "Bogofilter FFB" users grow in number, spammers and virus
>authors could use them as unwitting tools in denial of service attacks
>against the owners of URLs they pack their spams with!
>
>I can see how this might be really bad without the use of exhaustive
>whitelists... especially if the legitimate URLs belonged to companies
>spammers see as their enemies -- maybe even SourceForge?  Then the
>forces of antispam would be hurt by their own efforts.  Not to mention the
>fact that mail filtering would be slowed down tremendously, given enough
>URLs to check.
>
>One potential indirect benefit... if really big companies were to be hit
>with these D.O.S. attacks, the spammers' efforts might backfire, as they'd
>find themselves in these companies' crosshairs!
>
>Or would the "FFB style" filter authors instead be blamed?
>
>Food for thought,
>Benji Tittle
>
>
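The risks raised in this thread (padding a message with legitimate URLs, slow classification, and using link-following filters to hammer third-party sites) can be bounded before any page is retrieved. The sketch below is an added example, not code from the thread or from bogofilter; `FetchPlanner`, its limits, and the sample hosts are hypothetical, and it only decides which URLs would be followed, without making any network request.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # e.g. a malformed IPv6 literal
        return ""

class FetchPlanner:
    """Decide which URLs in a message a link-following filter may retrieve."""
    def __init__(self, never_fetch, per_message_cap=3, per_host_budget=2):
        self.never_fetch = {h.lower() for h in never_fetch}  # whitelist: never crawled
        self.per_message_cap = per_message_cap   # bounds per-message scan time
        self.per_host_budget = per_host_budget   # bounds load on any one site
        self.host_hits = {}  # host -> fetches so far; reset on a timer in real use

    def _listed(self, host):
        # A host is whitelisted if it or any parent domain is on the list.
        parts = host.split(".")
        return any(".".join(parts[i:]) in self.never_fetch for i in range(len(parts)))

    def plan(self, body):
        fetch, skipped, seen = [], {}, set()
        for raw in URL_RE.findall(body):  # order of appearance: top URL first
            url = raw.rstrip(".,;:!?)")
            host = host_of(url)
            if not host:
                reason = "unparseable"
            elif host in seen:
                reason = "duplicate-host"
            elif self._listed(host):
                reason = "whitelisted"
            elif len(fetch) >= self.per_message_cap:
                reason = "message-cap"
            elif self.host_hits.get(host, 0) >= self.per_host_budget:
                reason = "host-budget"
            else:
                reason = None
            seen.add(host)
            if reason:
                skipped[url] = reason
            else:
                self.host_hits[host] = self.host_hits.get(host, 0) + 1
                fetch.append(url)
        return fetch, skipped

# Constructed sample: one prominent URL, then padding with unrelated hosts.
SAMPLE = ("Buy now: http://spamvertised.example/offer\n"
          "http://sourceforge.net/projects/bogofilter http://news.example.org/a\n"
          "http://news.example.org/b http://www.example.com/ http://blog.example.net/post\n")
```

Because URLs are taken in order of appearance, the cap keeps the prominently featured link and drops the padding, and the shared per-host budget limits how often any single site is contacted across messages.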