[Spambayes] More mildly clever spam

Tim Peters tim.one@comcast.net
Tue Nov 5 06:05:41 2002


I won't show the whole thing here.  It scored 0.62 for me (H=0.75, S=0.99),
so was Unsure, but looking at it was baffling:

    Our highly successful 24 year old multi-national company gives you
    an exclusive business that's guaranteed to make you an extra weekly
    etc etc

Despite the obvious spamcicity, the clue list had words like sniper, emacs
and distros.  Turns out they were only visible in reverse video, thanks to
HTML trickery:

"""
Anyone, regardless of background, education or experience can easily<br>
make money with <b><i>BT Online </i>&copy;</b>. We provide everything  you
need.<br>
You can start making a Guaranteed extra income just 5 minutes from now!<br>
<br><font color=white size=1>Finally, I've always found that the RPMs Nvidia
supplies don't put all the files in all the right places. I strongly
recommend using the binary tarballs for the Nvidia kernel and GLX driver
instead. It's incredibly easy; you just unpack them wherever you please,
bust out a root shell and run make from the top level directories. It's
actually easier and faster than RPM, and even better, it always works. Just
make sure that the statements Load "glx" and Driver "nvidia" appear in
etc/X11/XF86Config under Section "Module" and Section "Device" respectively
before you re-boot (or make sure you know how to use emacs or vi, and make
sure you know the path to your XF86Config file -- different distros put it
in different places.)<br></FONT>
<b>"If you can check your email, you can make $$ with <i>BT  Online</i>
&copy;"</b>
"""

Etc on both sides.  There are snippets of news stories about the East Coast
snipers, tech postings, and business stories, spread evenly throughout the
msg.  The white-on-white text is actually used to space out spam paragraphs!

I expect that the worst this gimmickery can do with our code is knock a spam
into Unsure territory.  Indeed, despite that there was a lot more hidden ham
than visible spam in this msg, it had 33 words with spamprobs above 0.90,
and it's darned hard to hit that many words with spamprobs below 0.10 by
luck.  This one was particularly lucky in including sniper news, since I
live in the snipers' target area, and have lots of ham about that from
friends & relatives over the last month.  I say "lucky" instead of clever
here because tim_one@msn.com was just one of 22 tim_xyz@msn.com addresses in
the To and Cc lines.

What's amazing me now is how very few spam I get that try to play tricks at
all!




More information about the Spambayes mailing list