scaling and learning [wasRe: Inline image based spam]
Dwayne Hottinger
dhottinger at harrisonburg.k12.va.us
Sat Oct 7 14:02:33 CEST 2006
I've had the same thought that they were trying to throw my wordlist out of whack
with these messages. Unfortunately a flat word list for 750 users isn't very
realistic. I wish I could take all emails with inline images and have them put
in a quarantined spam folder on my mail server. However I realize that there
may be some legit emails from businesses that would need to get through.
ddh
Quoting "Tony L. Svanstrom" <tony at moon.pp.se>:
> On Fri, 6 Oct 2006 the voices made David Relson write:
>
> DR> The messages commonly have a passage from a book (or some such) in hopes of
> DR> fooling filters. Since those passages rarely match my ham email, I
> DR> anticipate that bogofilter will eventually come to recognize the new words
> DR> as spammish.
>
> I've gotten some spam that seems to almost target just me (in theory it is of
> course possible that they use different randomish text based on information
> like where they got the e-mail address from; but it's most likely just a
> random-thing, or someone using computergeek-speak just because he's got a bunch of
> addresses from a recent whois-scraping) which are way too spot on for me to
> really want to retrain the message as spam (I still do it though, fighting fear
> with "it's all about the headers"-logic)
> Before I used to think that these image-spam might be about poisoning our
> spam/ham-token databases, and I still think that a very few people _might_ be
> working on just that; but the amount of this type of spam we're getting is
> simply drowning out the few evil ones by retraining our filters to better
> handle this new phenomenon.
>
> But as you all can see, it's not working perfectly yet, and it might not be a
> bad idea to beef up our defences a bit; one thing is, like I said in another
> posting a few minutes ago, to add more headers with easily available
> information.
> One simple thing is to filter outgoing e-mails so that you can store the
> e-mail addresses of everyone you e-mail in a database (or simple flat file which
> you can grep in a procmail-recipe); then you can automatically add a "this came
> from a good e-mail address"-header (or do like I do, and automatically train
> such e-mails as ham; maybe one spam every other year's managed to get by by
> faking a "good" e-mail address, but as long as you don't whitelist addresses at
> your own domain you're pretty safe).
>
>
> /Tony
> --
> /\___/\ /\___/\
> \_@ @_/ \_@ @_/
> .--oOO-(_)-OOo--------------------------------------oOO-(_)-OOo--.
> | perl -e'print$_{$_} for sort%_=`lynx -dump svanstrom.org/t`' |
> `---ôôô---ôôô----------------------------------------ôôô---ôôô---´
> \O/ \O/ ©1998-2006 svanstrom.org \O/ \O/
>
> _______________________________________________
> Bogofilter mailing list
> Bogofilter at bogofilter.org
> http://www.bogofilter.org/mailman/listinfo/bogofilter
>
--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
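
The outgoing-address flat file suggested in the quoted message, sketched here as an added example that is not code from the thread or from bogofilter. The file path, the `example.org` placeholder domain and the `X-Known-Correspondent` header name are assumptions; the sketch also goes slightly beyond the quoted text by discarding any copy of the header that arrives with the message.

```shell
#!/bin/sh
# Added example; file path, domain and header name are assumptions.
KNOWN="${KNOWN:-$HOME/.known-correspondents}"   # hypothetical flat file, one address per line
OWN_DOMAIN="${OWN_DOMAIN:-example.org}"         # placeholder for your own domain

# Print lowercased addresses found in the named headers (regex of lowercase
# names in $1) of the message on stdin; folded lines are followed, body ignored.
header_addrs() {
  awk -v want="$1" '
    /^$/     { exit }                          # blank line ends the header block
    /^[ \t]/ { if (keep) print; next }         # continuation of previous header
             { keep = (tolower($0) ~ ("^(" want "):")); if (keep) print }
  ' | grep -oiE '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}' | tr 'A-Z' 'a-z'
}

# Outgoing mail on stdin: remember every recipient that is not at our own domain.
record_outgoing() {
  header_addrs 'to|cc|bcc' | while read -r addr; do
    case "$addr" in *@"$OWN_DOMAIN") continue ;; esac
    grep -qxF -- "$addr" "$KNOWN" 2>/dev/null || printf '%s\n' "$addr" >> "$KNOWN"
  done
}

# Incoming mail on stdin: write it to stdout with one fresh verdict header.
tag_incoming() {
  tmp=$(mktemp) || return 1
  cat > "$tmp"
  # Last address in From:, so an address typed into the display name is not used.
  sender=$(header_addrs 'from' < "$tmp" | tail -n 1)
  verdict=no
  case "$sender" in
    ''|*@"$OWN_DOMAIN") ;;                     # own-domain senders are never trusted
    *) if grep -qxF -- "$sender" "$KNOWN" 2>/dev/null; then verdict=yes; fi ;;
  esac
  printf 'X-Known-Correspondent: %s\n' "$verdict"
  # Drop any copy of the header that arrived with the message.
  awk '!body && tolower($0) ~ /^x-known-correspondent:/ { next }
       /^$/ { body = 1 } { print }' "$tmp"
  rm -f "$tmp"
}
```

Outgoing mail is piped through `record_outgoing` and incoming mail through `tag_incoming` before it reaches the filter, so the verdict header becomes one more token for training. The From: address is still only a claim by the sender, which is why the own-domain exclusion matters.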