-----BEGIN PGP SIGNED MESSAGE-----
kevin lyda writes:
> On Fri, Jan 02, 2004 at 11:52:45PM +0000, Niall O Broin wrote:
> > On Friday 02 January 2004 23:33, Timothy Murphy wrote:
> > > > tsruisoz lcdha dwyrvqa yqdhjrmqy ghxabmpvhl.
> > > > hlrfo wdjfjpun iqrfs kzxsjwf kzspbjrxid. kortzaunuu ckuir drsaqxsrq.
> > > As a matter of interest, why does spam often contain garbage like this?
> > It's an anti Bayesian filter trick AFAIK. Lately I've seen a lot of mail which
> > contain no spam payload but just a load of random words. A grammar checker
> > might be a useful component of a spam catcher, but unfortunately, it'd reject
> > mail from a number of people from this parish.
Nah, it's actually a "hashbuster", attempting to evade hash-sharing
schemes like Razor, pyzor, DCC, and AOL's internal one.
In some cases, they're not random, and the target email address can be
found in those in ROT-13 form; these are so that spammers can figure out
who's complaining about spam to their ISPs and take action (even if
the reporter/ISP removes the headers).
> so that leads to my question - why are they sending total garbage? i've
> seen mails to ilug and in my pending queue with no readable content.
> some are empty, some have just random text. are they just trying to
> poison checksum lists?
The empty ones/ones with only hash poison are buggy spamware or dumb
spammers, forgetting to add the actual spam message. Very annoying.
Michele Neylon said:
> As so many filters rely to some degree on Bayesian filtering the spammers
> are now working on poisoning the databases. Basically you feed the
> Bayesian filter valid words interspersed with crap and confuse the hell
> out of it.
Well, bayes poison generally doesn't work with random words; a Bayesian
filter will ignore words it's never seen before, and just use the ones it
*does* know about, so it's a no-op. So the spammers aren't getting it.
What a smart spammer would try to do is track the likely subjects
discussed by a specific target address, and use random words from that
subject. This also means that the spam using random snippets of Russian
literature is unlikely to have much success getting through most people's
happy new year,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS
-----END PGP SIGNATURE-----
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!