[vox-tech] spam current events

Alex Mandel tech_dev at wildintellect.com
Thu Aug 31 15:48:47 PDT 2006 

David Rosenstrauch wrote:
> Peter Jay Salzman wrote:
>> i'm getting hammered with email containing text designed to trick 
>> bayesian
>> filters.  unfortunately, it appears to be quite successful in that 
>> endeavor.
>> the email text is nonsensical, however the email has a gif image 
>> attachment.
>>
>> at first, the gif was always named "image001.gif", and i was able to 
>> REJECT
>> such emails when Postfix detected a gif attachment named "image001.gif".
>> but whoever is sending this got smarter and now the gif file is named all
>> kinds of things.
>>
>> i'm not quite sure how to filter these things anymore other than to 
>> REJECT
>> all gif attachments, which I'd prefer not to do if i can help it..
>>
>> the gif image itself is mostly white with a few colored "threads" here 
>> and
>> there.  i certainly don't see any text, so i'm not quite sure what their
>> purpose is.  perhaps it's some kind of virus?
>>
>> anyone else seeing these things?  i'm getting them a few times a day now.
>>
>> pete
> 
> I'm getting loads of these too, and it's similarly brought down the 
> effectiveness of Thunderbird's bayesian filter.
> 
> If anyone's got a solution, I'm all ears.
> 
> Maybe someone should ask Paul Graham for a solution.  :-)
> 
> On a more serious note, though, I used to use the Popfile 
> (popfile.sf.net) bayesian filter a while back and it was (at least back 
> then) very up-to-date in terms of updating the filter to deal with new 
> kinds of spam that were coming out.  Might want to check the project 
> mailing lists and/or source code and see if they've found any solution 
> for this issue.
> 
> HTH,
> 
> DR

I used a program once, oddly enough it seems like a spammers tool, 
called worldcast. It allowed my to verify that addresses on my list were 
valid through a multi step check which included hitting the email server 
and confirming the account existed.

Is there someway to turn this concept into filtering an email based on 
whether the sender validated as a real email address that exists on a 
real domain.

It seems like a lot of spam spoofs who it's from or in fact has 
addresses that really don't exist at all.

I admit I may be a little naive in how this all works, just poking around.
Alex

OTish: Why the prevalance of nonesense spam. I'm missing the pyscho 
analytic perspective on the purpose here. It's obviously they aren't 
selling anything a lot of the time, and I haven't seen to many spyware 
or virus laden emails lately, just nonesense.

More information about the vox-tech mailing list