[Spambayes] Latest spammer trick stymied
Tim Stone - Four Stones Expressions
tim at fourstonesExpressions.com
Mon Mar 31 07:42:48 EST 2003
3/31/2003 6:51:03 AM, Anthony Baxter <anthony at interlink.com.au> wrote:
>Well, if nothing else, the useless load on their webserver helps push a
>little of the cost of spam back towards the spammer.
We have to be careful with this. It would be relatively simple to stymie, by
simply adding two urls, the spam one, and an unrelated innocent site. Or
three urls, or whatever...
We definitely should NOT crawl the site, just in case it really is an innocent
url. The load can crush a site, particularly if it's hosted. BUT, if we
don't crawl the site, then the trick is easily stymied by simply having the
page be a linked jpg with the appropriate information, or a flash, or
whatever... so we're darned if we do, darned if we don't.
Spambayes is superb at recognizing spam based solely upon the payload
received. If these mails are slipping through, then we need to examine the
clues and see why. Can you show us the clues for one of your mails that
headed for unsure? At the moment, we clue url:<chunk>, which is very likely
to become a hapax. Perhaps a better solution is to create a token for the
presence of a url...
c'est moi - TimS
There are 10 kinds of people in the world:
those who understand binary,
and those who don't.
More information about the Spambayes