StudlyCaps
Tom Allison
tallison at tacocat.net
Thu Jul 8 13:24:25 CEST 2004
David Relson wrote:
> On Wed, 7 Jul 2004 21:26:32 -0400
> Clint Adams wrote:
>
>
>>I've been hearing complaints that spam using the following technique
>>is evading bogofilter.
>>
>>ThisSiteOffersYouRealHardcoreGAYsex.
>>
>>I haven't gotten any of these myself, but I've just now received one
>>in a bounce message. Some of these word strings exceed MAXTOKENLEN,
>>and some don't.
>
>
> Hi Clint,
>
> I received one on June 29. The sender info was that of an SBC DSL
> customer in Southfield, MI. The subject and body were composed of
> MultipleConjoinedWords. Several other members of the Metro Detroit LUG
> also received it.
>
> In addition to the conjoined words, there was a URL pointing to a domain
> that had been registered 5 days earlier in Russia. We concluded it was
> a drone/zombie machine of some kind or other.
>
We should have nuked Russia when we had the chance!
I'm pretty sure that they are one of the top 5 contributors in the
world; China is up there on the list as well.
I can see the sense in creating regex filters (non-bogofilter) to simply
/dev/null everything that's m|http://[\w\.\-]+\.ru/|
ugh!
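
An added example, not part of the message above and not bogofilter's own code: one way a tokenizer could break conjoined StudlyCaps words into sub-words, so a statistical filter still gets scoreable tokens when the whole string is over the length limit. The limit of 30, the function names and the `studly:N` marker token are assumptions made for this sketch.

```python
import re

# Assumed limit for illustration; the thread names MAXTOKENLEN but gives no value.
MAX_TOKEN_LEN = 30

_WORD = re.compile(r"[A-Za-z]+")
# A run of capitals followed by lowercase letters, or a leading lowercase run.
_PART = re.compile(r"[A-Z]+[a-z]*|[a-z]+")


def split_studly(token, min_parts=3):
    """Return the lowercase sub-words of a conjoined token.

    Tokens with fewer than min_parts pieces (ordinary words, two-part
    brand names) return [] so they are not treated as conjoined.
    """
    parts = [p.lower() for p in _PART.findall(token)]
    return parts if len(parts) >= min_parts else []


def tokenize(text, max_len=MAX_TOKEN_LEN):
    """Tokenize text for a statistical filter.

    Conjoined words contribute their sub-words plus a marker recording
    how many words were joined. The whole token is kept only if it fits
    within max_len, mirroring a tokenizer that drops over-long tokens.
    """
    out = []
    for tok in _WORD.findall(text):
        parts = split_studly(tok)
        if parts:
            out.extend(parts)
            out.append("studly:%d" % len(parts))
        if len(tok) <= max_len:
            out.append(tok.lower())
    return out


if __name__ == "__main__":
    # Constructed sample text; the first word is the phrase used in the thread.
    sample = "MultipleConjoinedWords ThisConstructedSampleTokenIsLongerThanTheAssumedLimit"
    print(tokenize(sample))
```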