[Spambayes] Latest spammer trick stymied
Richard Jowsey
richard at jowsey.com
Tue Apr 1 07:20:07 EST 2003
> We have to be careful with this. It would be relatively simple to
> stymie, by simply adding two urls, the spam one, and an unrelated
> innocent site. Or three urls, or whatever...
Spammers are simple folk. They won't be putting no innocent url's in
these spams...
> We definitely should NOT crawl the site, just in case it really is an
> innocent url. The load can crush a site, particularly if it's hosted.
Nah. You need to throw thousands of requests at a half-decent web
server before it gives up the ghost. And if they're sending out 10
million mail pieces, they should expect their http server to take
some load. These are definitely NOT innocent emails. They come from
bogus senders, have minimal headers (deliberately), and contain
*nothing* but a url. Which points, via redirect naturally, to an
incest porn or get-a-huge-penis site, etc.
> Spambayes is superb at recognizing spam based solely upon the payload
> received. If these mails are slipping through, then we need to
> examine the clues and see why.
I couldn't agree more! Here's one which got a resounding "unsure"
(p=0.5130) from my classifier first time through. After slurping that
url, it shot up to p=0.9893, exactly where it belongs!
--------------------------------------------------------------------
Return-Path: <tkeamou at kerchunk.com>
Received: from kerchunk.com ([61.149.21.5]) by
www1.kc.aoindustries.com (8.11.6/8.11.6) with SMTP id h2V3DST27976
for <richard at jowsey.com>;
Date: 29 Mar 2003 04:44:15 -0400
From: Ella Bunton <tkeamou at kerchunk.com>
To: richard at jowsey.com
Subject: inside Daughter
Message-ID: <20030330002313.YhnvhVSzPGVA at kerchunk.com>
Content-type: text/plain; charset="us-ascii"
http://leajoulom.lewdmother.com
--------------------------------------------------------------------
Cheers,
Richard
More information about the Spambayes
mailing list