Sean Redmond said the following on 19/11/02 21:42:
Assuming they could solve the problem of the headers, the spam of the future will probably look something like this:But Graham's analysis is wrong here. If you want to defeat bayesian filters, the spam of the future will look like:
Hey there. Thought you should check out the following: http://www.27meg.com/foo
because that is about as much sales pitch as content-based filtering will leave the spammer room to make. (Indeed, it will be hard even to get this past filters, because if everything else in the email is neutral, the spam probability will hinge on the url, and it will take some effort to make that look neutral.)
</quote>
Also I understand his explanation, only the most interesting tokens are considered in calculating the likelyhood that it's spam, so watering down the body of the message should only makes the interesting things more interesting.
__BEGIN__
<p>
Hey there. Thought you should check out the following:
http://www.27meg.com/foo
</p>
<div style="bgcolor: white; foreground: white;">
Package description:
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc.
Semi final time and we had the other Manchester club, beating them at Burnden Park 1-0, with a goal from Colin Harvey. After the game, all the Evertonians went nuts, when we heard that Sheff Wed had beaten Chelsea, in the other semi. Most Toffees thought,
that not only would we win the FA Cup, but we would not concede a goal, alas that lasted only 4 minutes (It seemed that early
to me anyways) but justice prevailed and Everton Football Club, finally brought the coveted FA Cup back to Goodison Park, after
a wait of 33 years, with a 3-2 triumph!
This E-Mail, and any attachment, is sent in confidence for the addressee only.
Unauthorised recipients must preserve this confidentiality and should notify the
sender immediately by telephone on XXXX-XXX-XXXX and must delete the
original E-Mail without taking a copy. If you are not the addressee you
must not copy, distribute, disclose or use any of the information in any way.
</div>
__END__
This covers a fairly broad section of people's training data (a linuxy type mail, a football related mail, and a corporate legal disclaimer), and so those things will be the "interesting" tokens from the ham corpus.
Of course now I've given the game away, so it'll be interesting to find out if spammers read this list and follow my advice :-)
(on the flip side, the above becomes blatantly obvious to SpamAssassin, because we can trivially detect things like this).
Matt.
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
