[Spambayes] Weird Spam

Tony Meyer tameyer at ihug.co.nz
Tue Feb 17 19:17:18 EST 2004


> I don't know if this was preserved in the attachment, but the 
> actual displayed message was a .gif file downloaded from the 
> web when the message was viewed.

That's what I meant by a "mini spam".  Just a link (whether to a webpage or
loading an image) and nothing else in the message.  These can sometimes
work, but often the URL itself (to the image, or to the webpage) or the
headers of the message give it away.  If it's a link to a webpage, rather
than an image, then you can also process the text of the webpage (although
there are issues with this).  A link to an image is more difficult, of
course.

> Also, the small amount of 
> actual text displayed was obscured by nonsense tags:
> 
> I</BELLHOP>f t</ZOUNDS>he mes</APPROVE>sage</REINDEER> 
> i</BAKE>s n</CONDENSE>ot 
> lo</BOLLIXES>adi</ANTICLIMAXES>ng</AAU> <A 
> href="http://www.terra.es/personal5/554664/r1/"><B>t</SOURWOOD
> >r</ANTHROPOMO
> RPHIC>y</ONETIME>
> th</SHREVEPORT>is</VERITABLE></B></A></CENTER>
> 
> comes out to be:
> [click here] if the message is not loading.

SpamBayes strips out the html tags, so what gets tokenized is "[click here]
if the message is not loading".  This is a really ineffective technique,
since it's so easy to avoid.  The similar 'almost white on white' text
between text type tricks are much more effective, since you need to start
considering how the text looks when rendered, instead of just skipping
everything.

=Tony Meyer

---
Please always include the list (spambayes at python.org) in your replies
(reply-all), and please don't send me personal mail about SpamBayes. This
way, you get everyone's help, and avoid a lack of replies when I'm busy.




More information about the Spambayes mailing list