Re: Number spam (paranoid guess)
On 8/7/2007 4:34 PM, Henrik Krohns wrote: On Tue, Aug 07, 2007 at 02:52:25PM +0100, UxBoD wrote: This appears to work okay :- header __LOCAL_PROBE1 subject =~ /[0-9]{4,6}/i body__LOCAL_PROBE2 /([a-z|0-9]{8})/i describeLOCAL_PROBE1Daft Number Probe metaLOCAL_PROBE1(__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1) score LOCAL_PROBE13 Looks like nice FP generator for busy sites. PROBE2 is certain to hit almost anything and then just wait for a few digits in subject.. :) header __LOCAL_PROBE1 Subject =~ /^\d{4,6}$/ body__LOCAL_PROBE2 /^[a-f0-9]{8}$/i metaLOCAL_PROBE (__LOCAL_PROBE1 && __LOCAL_PROBE2) score LOCAL_PROBE 3.0 should be safer
Re: Number spam (paranoid guess)
Yes I know :( has been pointed out to me so has been revised :- header __LOCAL_DIG1subject =~ /^\d[0-9]{4,6}$/ body__LOCAL_DIG2/^([a-f|0-9]{8})$/i describeLOCAL_DIG1 Daft Number Scam metaLOCAL_DIG1 __LOCAL_DIG1 && __LOCAL_DIG2 score LOCAL_DIG1 3 Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] - Original Message - From: "Henrik Krohns" <[EMAIL PROTECTED]> To: users@spamassassin.apache.org Sent: Tuesday, August 7, 2007 3:34:49 PM (GMT) Europe/London Subject: Re: Number spam (paranoid guess) On Tue, Aug 07, 2007 at 02:52:25PM +0100, UxBoD wrote: > This appears to work okay :- > > header __LOCAL_PROBE1 subject =~ /[0-9]{4,6}/i > body__LOCAL_PROBE2 /([a-z|0-9]{8})/i > describeLOCAL_PROBE1Daft Number Probe > metaLOCAL_PROBE1(__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1) > score LOCAL_PROBE13 Looks like nice FP generator for busy sites. PROBE2 is certain to hit almost anything and then just wait for a few digits in subject.. :) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Number spam (paranoid guess)
This appears to work okay :- header __LOCAL_PROBE1 subject =~ /[0-9]{4,6}/i body__LOCAL_PROBE2 /([a-z|0-9]{8})/i describeLOCAL_PROBE1Daft Number Probe metaLOCAL_PROBE1(__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1) score LOCAL_PROBE13 Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] - Original Message - From: "Greg Skouby" <[EMAIL PROTECTED]> To: users@spamassassin.apache.org Sent: Tuesday, August 7, 2007 2:14:44 PM (GMT) Europe/London Subject: Re: Number spam (paranoid guess) On Tue, Aug 07, 2007 at 12:14:31PM +0200, Chr. v. Stuckrad wrote: > > My most paranoid guess is: > > - Cause: we have summer vacation time ... > > So LOTS of people are on holidays. > If you use E-Mails with totally useless content which goes > through all filters for a short time, you can trigger LOTS > of vacation-Messages! > Wouldn't that require the "from" info not being forged? I have gotten a couple of these and they are definately of the forged sender variety. --Greg -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Number spam (paranoid guess)
On Tue, Aug 07, 2007 at 12:14:31PM +0200, Chr. v. Stuckrad wrote: > > My most paranoid guess is: > > - Cause: we have summer vacation time ... > > So LOTS of people are on holidays. > If you use E-Mails with totally useless content which goes > through all filters for a short time, you can trigger LOTS > of vacation-Messages! > Wouldn't that require the "from" info not being forged? I have gotten a couple of these and they are definately of the forged sender variety. --Greg
Re: Number spam (paranoid guess)
On Tue, 07 Aug 2007, John Andersen wrote: > Ok, what is this stuff. > All it contains is 6 digit numbers. What's up with that stuff? My most paranoid guess is: - Cause: we have summer vacation time ... So LOTS of people are on holidays. If you use E-Mails with totally useless content which goes through all filters for a short time, you can trigger LOTS of vacation-Messages! Then (1) you will have to know, 'who answered' and if you ar not only a a spammer, but also a 'more criminal mind', you (2) might even find the typical vacation messages like "I'm away to china for two weeks, try later ..."! So you know somebody is *away* and you can safely steal from the flat, impersonate the owner of the addresse etc... That's paranoid, I know, but criminals are not always dumb :-) And lazy anyway, and on the internet too :-) Stucki (who never has vacation [messages:-])