[Spambayes] full o' spaces

Tim Peters tim_one at email.msn.com
Sun Mar 9 02:45:44 EST 2003


[Tim Stone]
> ...
> One alternative is to actively try to find ways that spammers can get
> through our filter and plug those holes before the spammers find them.

Instead of arguing about this more, how about we try it once?

I'll note that we have no defense against the "white on white" HTML hiding
trick, but also that that trick hasn't been effective against my personal
classifier (the one spam of that kind I've seen rate solidly Unsure for me
lucked into hiding a news story about the DC-area snipers, after I had
trained on many msgs from friends and relatives also corresponding about
that topic at the time).

Hiding *all* the text in a .gif or .jpg on the Web merely linked to within
the email seemed like a very good trick at the start, but seems ineffective
now too -- there's nothing in the body then to offset spammish clues in the
headers.

Jeremy and Guido were both recipients of cunning spam this system couldn't
stop:  the spam took the form of replies to msgs they posted to public
mailing lists, reproducing their original subject line and a quotes from the
bodies of their msgs.  This guaranteed they contained lots of words that
were hammy to them, and also fooled the content-based whitelist boosts
python.org added to its SpamAssassin installation.  That's the cleverest
attack I've seen, but it happened last year and I haven't heard of it
happening again.




More information about the Spambayes mailing list