Educause Security Discussion mailing list archives

Re: Strange E-mails


From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Thu, 19 Nov 2009 11:54:34 -0500

That's exactly how we treat them.  They're basically Bayesian poisoning
attempts so that if you (over)classify spam - especially globally - based
on what was marked automatically as spam, rather than more painstaking
evaluation, then eventually you poison your own database with too many
legitimate words.  At that point you often have to start over and retain
your Bayesian databases.  We had this happen once so I'm sure it's
possible, but it often takes quite a while to have effect.  We allow users
to have their own Bayesian databases and this is occasionally an issue.  I
usually resolve it by simply giving them a better database.  The global
database though should not have this issue as frequently due to more
experienced administration.


Dexter
The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:
Pete Hickey wrote:
For many many years, I've received similar emails.  All the symptoms of spam
but selling nothing and no attachments, either.

I don't know.

If testing the address, why not have a real payload (spam) anyway.  It doesn't
cost any more.  Its content isn't really something to elicit a response either.
Also testing the validity of the address is most frequently (and successfully)
done by including a unique URL which contains the email address as parameter.

I've been receiving things like this from time to time for over 10 years
now, and I don't have a satisfactory answer.

I don't know how credible it is, but I have read theories that the point
of these "plain, normal text" spam messages is to reduce the efficacy of
spam filtering technology. You get a bunch of messages that just say
"have a nice day", you mark them as spam, you start getting more false
positives from your filter because of the training effect, and
eventually the filter gets turned off.

--Matt

-- 
Matt Gracie                        (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS               Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg       
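
The training effect discussed in this thread, shown as an added example that is not part of any poster's message: a toy naive Bayes filter (not any particular product) scores a legitimate message before and after plain-text messages are trained as spam. The corpus, class and function names are constructed for illustration.

```python
import math
from collections import Counter

class NaiveBayes:
    """Toy multinomial naive Bayes with add-one smoothing (illustrative only)."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.words[label].update(text.lower().split())
        self.docs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        score = {}
        for label in ("spam", "ham"):
            total = sum(self.words[label].values())
            s = math.log(self.docs[label] / sum(self.docs.values()))
            for tok in text.lower().split():
                s += math.log((self.words[label][tok] + 1) / (total + vocab))
            score[label] = s
        return 1 / (1 + math.exp(score["ham"] - score["spam"]))

# Constructed sample corpus (not real mail).
HAM = ["have a nice day and see you at the meeting",
       "please review the budget report before the meeting",
       "thanks for the notes have a good weekend"]
SPAM = ["cheap pills buy now limited offer",
        "win money now click this offer",
        "buy cheap watches click now"]
# Plain, payload-free messages of the kind described in the thread.
PLAIN = ["have a nice day", "see you at the meeting", "thanks have a good weekend"]
LEGIT = "have a nice day see you at the meeting"

def demo(rounds=5):
    """Return P(spam) for LEGIT before and after PLAIN is trained as spam."""
    nb = NaiveBayes()
    for m in HAM:
        nb.train(m, "ham")
    for m in SPAM:
        nb.train(m, "spam")
    before = nb.spam_probability(LEGIT)
    for _ in range(rounds):          # each round = one batch marked as spam
        for m in PLAIN:
            nb.train(m, "spam")
    return before, nb.spam_probability(LEGIT)

if __name__ == "__main__":
    print("P(spam) before=%.4f after=%.4f" % demo())
```

Tracking this score for a fixed set of known-good messages over time is one way to notice a database drifting toward false positives before it has to be rebuilt.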


