On Thursday, December 9, 2004, 8:28:47 PM, Loren Wilton wrote: >> These are the recent trends raised by my management: >> >> Hash Busting - slightly modify each copy of message to foil >> 'fingerprinting' techniques
> Since SA doesn't do fingerprinting this doesn't have quite the desired > effect. > It can break a meta rule looking for particular text, but the quick answer > is generally to modify the meta with a new term or two. After about three > tries you end up with a rule that will catch most all the variations. > And in any case Bayes doesn't care much about minor variations, its all spam > to it. >> Bayes Poisoning - addition of random dictionary words > Makes really GOOD spam identification. I hardly ever send or receive email > containing a page of Cicero in the original Latin. Spammers do. > In addition, most of these things are mispunctuated and often have other > interesting characteristics that make them fodder for some pretty generic > rules. I have mine scored at 10 points each. It isn't unusual to manage > to hit 80 points with one of these things. >> Hidden Text - using invisible text in html messages > Makes really GOOD spam identification. :-) >> Keyword Corruption - using obfuscated text to hide keywords > Makes really GOOD spam identification. >> Tiny Messages - messages with only URL or image > These are harder. Fortunately they almost always follow one of a handful of > standard pattersn that make them amenable to catching with fairly simple > rules. And the key point is that if commercial anti-spam vendors are using points such as these to either differentiate themselves from other commercial efforts or SpamAssassin, they're either: A) Using SpamAssassin underneath B) Inferior to SpamAssassin C) Equivalent functionally to SpamAssassin Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
