Here's a rule I wrote for just this sort of spam:
rawbody WORDWORD /[a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12}
[a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12} [a-z]{4,12} /
describe WORDWORD long string of random words
score WORDWORD 2.0
(Sorry if it wraps, but it's just one long line.)
This has proved to be quite effective and I haven't seen it contribute to a false
positive yet. Think of it: where do you see 12 consecutive words, all lowercase, no
punctuation, and none less than 4 letters long (articles, conjunctions,
prepositions)???
Might be worth a try.
Pierre Thomson
-----Original Message-----
From: Chris Petersen [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 3:19 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] detecting large collections of random words
I've noticed that a lot of spams recently have been following the
random-words technique, with very little "spam" content - often just an
image or some obfuscated text. Has anyone given any thought to writing
up a rule that detects a LACK of punctuation, or a lack of short words
like a/and/the? It'd be easy for spammers to get around, but at least
it would keep them out of inboxes for awhile.
--
Chris Petersen
-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
