On Sat, 5 Jul 2003, Jack Gostl wrote:

>
> > > Over the past several weeks, I've noticed an increasing amount of
> > > spam that is getting through SpamAssassin with scores in the 4.0-4.9
> > > range. This makes me wonder if perhaps some spammers have started to
> > > tailor their spams as follows: run the default version of
> > > SpamAssassin, feed their messages through it, and keep tweaking the
> > > messages until SpamAssassin lets them through.
> >
> > Train bayes.  Everyone has a different bayes db, and they can't
> > work around that centrally.
>
> The problem I'm seeing is that I'm getting messages with a Bayes of 90%
> but it still slips through with 4.5-5.

I'm positive that spammers are tuning spam to get past SpamAssassin.
Last week, while looking at bounce rejects, I came across two instances
of the same spam (same body, same open-proxy source) which had scores
that differed by more than 10. The difference was that one had
successfully forged headers to trigger the "nice" score for an
exchange server and the other had typos that caused it to miss
the "brass ring" (it got forged outlook header points ;).

I've seen several spam crafted to trip the "nice" scores for good MUAs
(USER_AGENT_*).

I've been adjusting down many of the "nice" scores as they're starting
to just reward clever spammers.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
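
Added example, not part of the original message and not SpamAssassin code: an audit over X-Spam-Status headers that counts which negative-score ("nice") rules appear on mail that stayed under the threshold only because of them, which is the evidence for lowering those scores. The rule names, score values and sample headers are constructed, and the "required=/tests=/version=" header layout is an assumption about the local SpamAssassin configuration.

```python
import re
from collections import Counter

# Constructed scores (assumption): take real values from your own score files.
# USER_AGENT_EXAMPLE is a placeholder for one rule of the USER_AGENT_* family.
SCORES = {
    "BAYES_90": 3.0,
    "EXAMPLE_BODY_RULE": 2.5,
    "EXAMPLE_OPEN_PROXY": 2.0,
    "USER_AGENT_EXAMPLE": -3.0,
    "EXAMPLE_NICE_HEADER": -0.5,
}

# Constructed sample headers; the last one is folded across two lines.
SAMPLE_HEADERS = [
    "X-Spam-Status: No, hits=4.5 required=5.0 tests=BAYES_90,EXAMPLE_BODY_RULE,EXAMPLE_OPEN_PROXY,USER_AGENT_EXAMPLE version=2.55",
    "X-Spam-Status: Yes, hits=7.5 required=5.0 tests=BAYES_90,EXAMPLE_BODY_RULE,EXAMPLE_OPEN_PROXY version=2.55",
    "X-Spam-Status: No, hits=-0.5 required=5.0 tests=EXAMPLE_NICE_HEADER version=2.55",
    "X-Spam-Status: No, hits=1.5 required=5.0 tests=BAYES_90,EXAMPLE_OPEN_PROXY,\n\tUSER_AGENT_EXAMPLE,EXAMPLE_NICE_HEADER version=2.55",
]

def parse_status(header):
    """Return (required, [rule names]) from one X-Spam-Status header."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header)  # unfold continuation lines
    required = float(re.search(r"required=([0-9.]+)", flat).group(1))
    tests = re.search(r"tests=(.*?)(?:\s+version=|$)", flat, re.S).group(1)
    return required, [t for t in re.split(r"[,\s]+", tests) if t]

def rescued_by_nice_rules(headers, scores):
    """Count negative-score rules on mail that passed only because of them."""
    tally = Counter()
    for header in headers:
        required, hits = parse_status(header)
        values = [scores.get(rule, 0.0) for rule in hits]  # unknown rules count as 0
        total = sum(values)
        positive = sum(v for v in values if v > 0)
        # Under the threshold as scored, but at or over it without the nice rules.
        if total < required <= positive:
            tally.update(r for r in hits if scores.get(r, 0.0) < 0)
    return tally

if __name__ == "__main__":
    for rule, n in rescued_by_nice_rules(SAMPLE_HEADERS, SCORES).most_common():
        print(f"{rule}: {n} message(s) under threshold only because of nice scores")
```
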


