On Fri, 2003-01-31 at 09:49, kcorey wrote: > Thought you guys might be interested. The spammers are getting > desperate, methinks.
Many spammers now include many tricks to try to surmount SpamAssassin. Why? Because SpamAssassin is easily available to use as a test for their spam. This particular trick that you forwarded is a poor one, as it creates a new signature to look for (the development version already looks for text obscured by HTML comments). The uglier case is where spammers start crafting their message to achieve the lowest possible score through tests that assign negatives. So, I might claim to be KMail and include some HTML features that get negative scores, etc. Then my spammish features won't matter because the score is offset. The only real defenses against this are: a) Razor or the like, which tells us that someone has called this spam b) Source IP and relay tests c) Bayes, which is personalized, so spammers can't tweak their score You might also have a meta-test that gets tripped when a message has tripped enough OTHER tests. That might catch this kind of skullduggery. For example, you might have a test that is true if 10 or more other tests are true. It would be interesting to see what kind of score that test would be assigned.... -- Aaron Sherman <[EMAIL PROTECTED]> This message granted to the Public Domain in 2023. Fight the DMCA and copyright extension! ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
