[Spambayes] OT - broken spam
skip at pobox.com
Thu Dec 4 09:46:08 EST 2003
atom> i've been getting spam with "Re: %RND_UC_CHAR[2-8]," in the
atom> subject line for a few weeks
atom> now... http://smasher.suspicious.org/tmp/spam.png
Yup. There are several similar gaffs floating around. A quick grep for
RANDOM in some older spam shows these interesting tokens:
and many other variations. Try grepping a largish spam collection for
'%R[A-Z]*='. You get a lot of similar stuff which sort of makes their bug
% find Set4 -type f | xargs egrep '%R[A-Z]*='
Set4/3797:ORD -->tercou<!-- abscess -->rse pro<!-- inviolate -->ble<!-- %RAN=
Set4/3797:RANDOM_WORD -->en ob<!-- those -->ta<!-- zen -->i<!-- %RAN=
Set4/3797:DOM_WORD -->n an<!-- carne -->d mai<!-- caliphate -->nta<!-- %RA=
Set4/3797:NDOM_WORD -->i<!-- estimable -->n a<!-- dolly -->n ere<!-- %RAND=
Set4/3797:D -->ble<!-- acrid -->ms rep<!-- fay -->ort th<!-- %RANDOM=
Set4/3797:_WORD -->at th<!-- adulate -->is dr<!-- filipino -->ug inc<!-- %R=
Set4/3797: ma<!-- moneymake -->king ple<!-- accelerate -->asure an<!-- %RANDOM=
substituting for $RANDOM_WORD after encoding as quoted-printable...
atom> totally off topic, but amusing since someone really screwed up
atom> their spamming program before letting that one loose.
Not really. That sort of stuff makes for killer spam clues and might
suggest other tokenizing tricks to try if needed.
More information about the Spambayes