[Spambayes] Latest spammer trick stymied

Tim Stone - Four Stones Expressions tim at fourstonesExpressions.com
Mon Mar 31 07:42:48 EST 2003


3/31/2003 6:51:03 AM, Anthony Baxter <anthony at interlink.com.au> wrote:

>Well, if nothing else, the useless load on their webserver helps push a
>little of the cost of spam back towards the spammer.

We have to be careful with this.  It would be relatively simple to stymie, by 
simply adding two urls, the spam one, and an unrelated innocent site.  Or 
three urls, or whatever...

We definitely should NOT crawl the site, just in case it really is an innocent 
url.  The load can crush a site, particularly if it's hosted.  BUT, if we 
don't crawl the site, then the trick is easily stymied by simply having the 
page be a linked jpg with the appropriate information, or a flash, or 
whatever... so we're darned if we do, darned if we don't.

Spambayes is superb at recognizing spam based solely upon the payload 
received.  If these mails are slipping through, then we need to examine the 
clues and see why.  Can you show us the clues for one of your mails that 
headed for unsure?  At the moment, we clue url:<chunk>, which is very likely 
to become a hapax.  Perhaps a better solution is to create a token for the 
presence of a url...

c'est moi - TimS
http://www.fourstonesExpressions.com
http://wecanstopspam.org

There are 10 kinds of people in the world:
  those who understand binary,
  and those who don't.





More information about the Spambayes mailing list