Re: Number spam (paranoid guess)

2007-08-07 Thread Yet Another Ninja 

On 8/7/2007 4:34 PM, Henrik Krohns wrote:

On Tue, Aug 07, 2007 at 02:52:25PM +0100, UxBoD wrote:

This appears to work okay :-

header  __LOCAL_PROBE1  subject =~ /[0-9]{4,6}/i
body__LOCAL_PROBE2  /([a-z|0-9]{8})/i
describeLOCAL_PROBE1Daft Number Probe
metaLOCAL_PROBE1(__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1)
score   LOCAL_PROBE13


Looks like nice FP generator for busy sites. PROBE2 is certain to hit almost
anything and then just wait for a few digits in subject.. :)



header  __LOCAL_PROBE1  Subject =~ /^\d{4,6}$/
body__LOCAL_PROBE2   /^[a-f0-9]{8}$/i
metaLOCAL_PROBE   (__LOCAL_PROBE1 && __LOCAL_PROBE2)
score   LOCAL_PROBE   3.0

should be safer

Re: Number spam (paranoid guess)

2007-08-07 Thread UxBoD 
Yes I know :( has been pointed out to me so has been revised :-

header  __LOCAL_DIG1subject =~ /^\d[0-9]{4,6}$/
body__LOCAL_DIG2/^([a-f|0-9]{8})$/i
describeLOCAL_DIG1  Daft Number Scam
metaLOCAL_DIG1  __LOCAL_DIG1 && __LOCAL_DIG2
score   LOCAL_DIG1  3

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]

- Original Message -
From: "Henrik Krohns" <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org
Sent: Tuesday, August 7, 2007 3:34:49 PM (GMT) Europe/London
Subject: Re: Number spam (paranoid guess)


On Tue, Aug 07, 2007 at 02:52:25PM +0100, UxBoD wrote:
> This appears to work okay :-
> 
> header  __LOCAL_PROBE1  subject =~ /[0-9]{4,6}/i
> body__LOCAL_PROBE2  /([a-z|0-9]{8})/i
> describeLOCAL_PROBE1Daft Number Probe
> metaLOCAL_PROBE1(__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1)
> score   LOCAL_PROBE13

Looks like nice FP generator for busy sites. PROBE2 is certain to hit almost
anything and then just wait for a few digits in subject.. :)


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Number spam (paranoid guess)

2007-08-07 Thread UxBoD 
This appears to work okay :-

header  __LOCAL_PROBE1  subject =~ /[0-9]{4,6}/i
body__LOCAL_PROBE2  /([a-z|0-9]{8})/i
describeLOCAL_PROBE1Daft Number Probe
metaLOCAL_PROBE1(__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1)
score   LOCAL_PROBE13

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED]

- Original Message -
From: "Greg Skouby" <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org
Sent: Tuesday, August 7, 2007 2:14:44 PM (GMT) Europe/London
Subject: Re: Number spam (paranoid guess)

On Tue, Aug 07, 2007 at 12:14:31PM +0200, Chr. v. Stuckrad wrote:
> 
> My most paranoid guess is:
> 
> - Cause: we have summer vacation time ...
> 
> So LOTS of people are on holidays.
> If you use E-Mails with totally useless content which goes
> through all filters for a short time, you can trigger LOTS
> of vacation-Messages!
> 

Wouldn't that require the "from" info not being forged? I have gotten a couple 
of these and they are definately of the forged sender variety.



--Greg


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Number spam (paranoid guess)

2007-08-07 Thread Greg Skouby 
On Tue, Aug 07, 2007 at 12:14:31PM +0200, Chr. v. Stuckrad wrote:
> 
> My most paranoid guess is:
> 
> - Cause: we have summer vacation time ...
> 
> So LOTS of people are on holidays.
> If you use E-Mails with totally useless content which goes
> through all filters for a short time, you can trigger LOTS
> of vacation-Messages!
> 

Wouldn't that require the "from" info not being forged? I have gotten a couple 
of these and they are definately of the forged sender variety.



--Greg

Re: Number spam (paranoid guess)

2007-08-07 Thread Chr. v. Stuckrad 
On Tue, 07 Aug 2007, John Andersen wrote:

> Ok, what is this stuff. 
> All it contains is 6 digit numbers.  What's up with that stuff?

My most paranoid guess is:

- Cause: we have summer vacation time ...

So LOTS of people are on holidays.
If you use E-Mails with totally useless content which goes
through all filters for a short time, you can trigger LOTS
of vacation-Messages!

Then (1) you will have to know, 'who answered' and if you
ar not only a a spammer, but also a 'more criminal mind',
you (2) might even find the typical vacation messages like
"I'm away to china for two weeks, try later ..."!

So you know somebody is *away* and you can safely steal
from the flat, impersonate the owner of the addresse etc...

That's paranoid, I know, but criminals are not always dumb :-)
And lazy anyway, and on the internet too :-)

Stucki  (who never has vacation [messages:-])