[Spambayes] Exceptionally well-done identity-theft spam

Avi Jacobson avi-j at pacbell.net
Mon Dec 29 16:22:29 EST 2003


I wonder whether this is not the face of things to come -- reliable-looking
links to reliable-looking websites, where the HREF actually points
elsewhere. Note in the source code that the incriminating part of the URL in
the HREF (and in the browser window that opens) is coded in Hex values
rather than characters.

My guess is that if you dump enough of these messages into your Junk folder,
Spambayes will be smart enough to identify this kind of URL as a
high-probability token. Spambayes developers, am I right? Will too many %
signs in a URL raise the spam probability?

Best regards,
Avi Jacobson

-----Original Message-----
From: spambayes-bounces at python.org [mailto:spambayes-bounces at python.org] On Behalf Of Tim Peters
Sent: Mon, December 29, 2003 12:54 PM
To: spambayes at python.org
Subject: [Spambayes] Exceptionally well-done identity-theft spam


If you get something like the attached, don't go to the website and "update"
your PayPal account information.  I just got this, and my classifier scored
it at 1% (0.01).  It looks a lot like real email from PayPal -- both to me,
and to my classifier.



