On Tuesday 03 August 2004 08:18 pm, [EMAIL PROTECTED] wrote: > So here's an interesting idea -- it seems likely that (a) there is a small > number of spammers who send all the spam (we knew that already), (b) they > can be identified from their spam, and (c) by correlating known > fingerprints (such as ROKSO records) against the text, the spammers' > output can then be tracked into new spams. > > In other words, we could identify *which* spammer is likely to have > produced a given spam. > > Anyone interested in trying this out?
Brian said this: > The note attached to that wiki entry that the method requires that > spammers not conciously change their writing style across text is > somewhat inaccurate. It takes a rather LARGE change in writing style, > and some identifying features will always be present. But this assumes the spammers are spamming for themselves. Most of the ROKSO spammers are simply performing a service for their customers, and all they need do is let the customer write the text. Mere knowledge that such analysis was being done (ya, they read this list) would trigger use of other text authors. But assuming away any such objections, what could you do with this knowledge? The analysis is not likely to be useful in court, so its usefulness would have to be merely as another SA test. But do we have to go that far? Isn't that quite a stretch to find yet another identifier, when the current methods are working so well? The single most successful new feature (IMHO) has been SURBL, not only because of its effectiveness in identifying spam, but also because it takes away the economic incentive to spam, by catching anything that even mentions URLs used by spammers. We already know who the ROKSO people are, and that knowledge hasn't slowed them down one iota. -- _____________________________________ John Andersen
pgp1ZnfHbv6OS.pgp
Description: signature
