On Mon, 2003-08-18 at 14:38, Brian White wrote: > > > If anyone's interested, my part-complete document on listwashing tokens > > > is at http://www.wot.no-ip.com/show.me/Projects/Listwashing_Tokens/ and > > > the rule generator itself is http://www.wot.no-ip.com/cgi-bin/detoken.pl > > > > Excellent analysis! Also we're pretty sure figuring out some way to > > catch these inside SpamAssassin, automatically (ie. without the prior > > rule-building) would be very nifty. > > So that's what those are! I was wondering. > > Wouldn't the Bayes tests be just the thing for these since it's already > adaptive?
The reason I started out collecting ciphers months ago wasn't to block spam but to identify that there are listwashing tokens in the message, to make a spam cleaning utility for reporting purposes. Then I realised bayes doesn't seem to be catching some of them, they're a surefire spamsign which tends to occur more often in lower scoring spam, and there are people who want the rules. > What I can see happening, though, is spammers start using a "salt" so that > the entire string is effectively random. Some already seem to use a lot stronger crypto than others, I have a file full of uncracked. Even with those, the majority are still fairly simple ciphers, they look like the sort of thing a 12 year old might devise, shifts that change every time they hit a non-alphanumeric, things like that. I've had people sending me listwashing tokens for months, and to date I've only seen 2 which I couldn't get anywhere with. I suspect blowfish or similar is beyond the ability of some of them, they can't use what they can't understand, which is why we're seeing variants on classic ciphers. Think about it, if you were trying to hide information in a message, would a simple shift even get considered? If the spammers adapt, they'll be doing it in their time and at their expense, so at least it's cost them something. I'm all for making them waste their time and money. If it doesn't do anything else at least it keeps the pressure on them. > > Brian > ( [EMAIL PROTECTED] ) > > ------------------------------------------------------------------------------- > There's no healthy way to mess with the line between wrong and right. -- Yorkshire Dave -- Scanned by MailScanner at wot.no-ip.com ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk