[Spambayes] Have you ever....?

Charles Cazabon python-spambayes@discworld.dyndns.org
Sat, 28 Sep 2002 10:44:05 -0600

Tim Peters <tim.one@comcast.net> wrote:
> [T. Alexander Popiel]
> > As far as I can tell, these are tags to indicate which email
> > address is the hit when people respond to spam.  In my single
> > source collection, there are a handful of these 'words' which
> > have appeared many times... so my best guess is that there
> > are a handful of spam-blast software packages that compute
> > these codes reproducably based on the email address.
> Interesting!  It's sure plausible.  At least one of us should become a
> professional spammer so we get a better handle on these tricks.  Anyone want
> to get rich quick?

You're at least getting the lingo down, Tim, but you give spammers too much
credit.  The strings at the end of the message, normally enclosed in square
brackets, are only there to foil the DCC (Distributed Checksum something or
other) project which blocks spam based on message checksums.  There appear to
be only two pieces of spamware that do this; one puts multiple pieces of
alphanumeric garbage in a single set of square brackets, separated by
hyphens/dashes like this:


while the other uses a single long string inside square brackets.  A recent
addition is using two lines like the above instead of one.

Some spammers do include tags in the message to identify the recipient of the
message, but they're much easier to pick out, and are normally either the
email address of the recipient, or a single decimal integer.  I've been
waiting for the spammers to get smarter about hiding these, but the best
effort I've seen yet is putting them inside an HTML comment.

As a side note, the author of qmail has long said that someday, someone
competent would join the spammers, and that the anti-spam fight would get a
whole lot tougher then.  I don't think it's happened yet, but until Graham,
Robinson, and Peters <wink>, anti-spam measures have mostly been laughable.

Charles Cazabon                 <python-spambayes@discworld.dyndns.org>
GPL'ed software available at:     http://www.qcc.ca/~charlesc/software/