SPAN style="DISPLAY: none" spams
Tony L. Svanstrom
tony at moon.pp.se
Wed Jul 27 18:35:18 CEST 2005
On Wed, 27 Jul 2005 the voices made Tom Allison write:
TA> HTML is easier to detect.
Yes, it's very easy to detect, all I have to do is check if the content-type
is text/html; beyond that there's nothing easy/simple about HTML.
You might get great results looking for certain patterns in the HTML, but then
you're just playing the evolution game with the spammers; and todays spamtrick
might be tomorrows hottest thing for mailadmins wanting the companies news-
letters to get past spamfilters (years ago mailadmins started checking their
mailings again the most common spamfilters, esp. SA)... while the spammers'
moved away from those "tricks", and are now using a new image/javascript/css-
trick.
If you/your users don't upgrade often enough a great spamfilter might in a
matter of weeks, or with some bad luck even days, go from great results to just
being a huge problem.
To me that isn't a beautiful solution; using (hardcoding) fads is IMNSHO at
best an ugly hack.
If you want to do it right with HTML, then you basically need to build that
part of the spamfilter on top of a webbrowser; which of course is far from
impossible, but it's a huge mess that most people so far have wanted to stay as
far away from as possible (and I don't blame them).
Give it a cpl of years and we'll have spamfilters which are great at knowing
what part of an e-mail is hidden and what is visible; by then we'll of course
see a lot more spam using flash, java and even MP3 to get their message to the
user.
The more fancy stuff we allow in our e-mails, the easier we'll make it for the
(future) spammers to play the evolution game; and we'll always be the ones
catching up... we'll always be the ones at least a cpl of weeks behind the
latest fad.
Sooner or later, of course, we'll see something like we do today with
javascripts great at poping up ads even though a lot of people are using popup
blockers; if I was at the designing end of that I guess it'd be something like
this:
Today we see trojans, worms and viruses used to take over computers to send
out spam, and popup ads; in the future we'll see a lot more discreet "malware"
used primarily to insert spam directly into mailprograms after the filtering's
done (and rewriting webpages so that you'll only see the ads that are meant to
be on those pages, but with the affiliate ID of another person/group).
These spam/malware will propagate slower; but using a NNTP-like solution along
with portknocking and a social network-structure they'll be VERY (cost/
bandwidth) effective.
TA> Think about it.
[...]
TA> Marketing and Spam is all about the glitz.
TA> ASCII ain't glitz unless you're UBER.
TA> HTML does all that "glossy brochure" crap
TA>
TA> Remove the HTML and you remove most of your evidence.
My friends doesn't talk to me about v1agra, v.i.a.g.r.a., peni1e [whatever]
etc...
TA> You also probably remove all your email from non-uber friends.
I use Pine; Pine is set to prefer text/plain, but I can also view the HTML-
part with the help of Lynx... that all comes down to this: I don't care to look
at "glossy brochure crap", and since I'm already living without it I know that
by removing the HTML I won't miss anything which I'm not already just deleting
(manually) without reading today.
/Tony
--
/\___/\ /\___/\
\_@ @_/ \_@ @_/
.--oOO-(_)-OOo--------------------------------------oOO-(_)-OOo--.
| perl -e'print$_{$_} for sort%_=`lynx -dump svanstrom.com/t`' |
`---ôôô---ôôô----------------------------------------ôôô---ôôô---´
\O/ \O/ ©1998-2005 svanstrom.com \O/ \O/
More information about the Bogofilter
mailing list