[Spambayes] To think like a spammer...
Mark M. Hoffman
mhoffman@lightlink.com
Sat, 28 Sep 2002 21:52:38 -0700
* Tim Peters <tim.one@comcast.net> [2002-09-29 00:23:39 -0400]:
> [Mark M. Hoffman]
> > ...
> > I had to laugh when Tim posted a spam that had slipped through all
> > previous tests in <LNBBLJKPBEHFEDALKOLCGEHEBHAB.tim.one@comcast.net>.
>
> Not as hard as I did <wink>.
>
> > That is exactly the kind of message I'm talking about.
>
> It's 1 in the 20,000 hams I tested on, and if you look harder at that
> message, the real reason it got thru is that it did lots of things "right".
> For example, it had an Organization header, and X-Complaints-To, and
> X-Abuse-Info. Those are rare in spam. OTOH, if we were doing more header
> analysis, it would have lost big for cross-posting. No single trick can
> fool this kind of scheme, and if 20 spam in 20,000 can, BFD.
Don't get me wrong: I'm not trying to poo-poo your results, which are
fantastic. I'm just trying to keep this in mind from the Graham paper:
>> Still, anyone who proposes a plan for spam filtering has to be able to
>> answer the question: if the spammers knew exactly what you were doing,
>> how well could they get past you?
Regards,
--
Mark M. Hoffman
mhoffman@lightlink.com