[Gllug] Re: What's the point of content-less Spam?

Mark Crean mcrean at snowpetrel.net
Tue Apr 27 00:58:28 UTC 2004


On Mon, 2004-04-26 at 22:01, gllug-request at gllug.org.uk wrote:
>Tethys writes:

> Most of them are HTML with web bugs (invisible 1x1 pixel images, that
> refer to unique URLs). That way they can track who has received the
> message. This serves two purposes. Firstly, they can validate email
> addresses that are being read, and hence sell them on for a higher
> price. Secondly, they can test the effectiveness of various bayesian
> bypass techniques they're using, by seeing which ones get past the
> most filters. They then use the most effective one for their actual
> spam, selling viagra, anatomical enlargements, pictures of their
> mother in assorted compromising positions, etc[1].

I'm getting scores of random word spams but practically none with html
(and thus web bugs) or a picture - just a url dumped in somewhere.
Fortunately there seem to be some good third-party rule sets for
spamassassin. I've got a few that deal with the random word stuff on the
basis of "too many long words" - a typical chunk of English text
consists of relatively short words when averaged out. If that doesn't
catch them, then a sweep for suspect urls in the message body often will
(over-long ones, those containing forwarding urls, etc), or for
over-long Subject lines consisting of more random words.

It's just fad. A few weeks ago, the spammers were trying to overwhelm
spamassassin by using accented words and symbols. Clearly that didn't
work too well (plenty of spamassassin rules to pick up obfuscation via
bogus accents, symbols and the like), so now they are trying a new
method of "Bayes poison". Next week, I expect it'll be something else.

:)

Fish






-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list