From: Adam Lanier [mailto:[EMAIL PROTECTED] > > My managment has recently asked me how SpamAssassin is prepared to > deal with a number of recent trends in spam technology. This was > prompted by a recent seminar they attended regarding spam (provided > by an anti-spam vendor who shall remain nameless). > > None of these so-called recent spam trends are new to me or > probably to anyone who deals with spam on a daily basis. However, > while drafting my reply I had the thought that perhaps my answers > would carry more weight if I could include some quotes from other > people in the industry regarding SA's ability to handle spam > utilizing these techniques. I've done some cursory browsing > through the list archives but thought I might solicit some fresh > input from the list-members. > > These are the recent trends raised by my management: > > Hash Busting - slightly modify each copy of message to foil > 'fingerprinting' techniques
SpamAssassin does not use message fingerprinting, so this is irrelevant. > Bayes Poisoning - addition of random dictionary words This method doesn't work as well as people think it does. Bayes simply calculates the likelihood of particular words appearing in spam versus ham. It doesn't matter if the word is part of the spam, or part of the random words. Most of the words that I see used this way in spam messages are not words that I see frequently in my normal email. > Hidden Text - using invisible text in html messages > > Keyword Corruption - using obfuscated text to hide keywords These actually increase the likelihood that SpamAssassin will catch the email. There are rules specifically written to look for this kind of thing. > Tiny Messages - messages with only URL or image SURBL is good at catching these. SpamAssassin looks up the urls that are in the message to see if any of them are known to be in use by spammers. > I'd appreciate any comments on how SA handles these types of > spamming nastiness. I find that SpamAssassin does an excellent job of catching spam. With SA 3.0.1, an actively trained bayes DB, and a few extra SARE rulesets, I only see one or two spam messages per week in my inbox. The rate of false-positives is near zero as well. I don't remember the last time I saw a false-positive in my spam folder. Considering that I get email to webmaster, postmaster, and the address used to register quite a few domains in addition to my personal email, I think this is pretty good! Bowie
