Full Disclosure mailing list archives

RE: spam with anti-bayesian parts

From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Tue, 13 Jan 2004 09:58:25 +1300

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Suresh Ponnusami
Sent: Tuesday, 13 January 2004 12:30 a.m.
To: vogt () hansenet com; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] spam with anti-bayesian parts

Actually most of the spammers use automated tools that contains some
scriptable plugins to evade the spam filters. Since they spam more that
1000's of users at a time, picking something real might be a bit slow and
requires extra processing. Even if they create a template for all the

mails,

that'll take up some time which they may not want to waste on. Also,
introducing random gibberish noise might be able to get through bayesian
filters because, that particular gibberish junk may not be in 
the database.


That shouldn't help them if spam marking software is written properly (and
many aren't). If something is not in the bayesian database, it will be given
a neutral value (like 0.5 probability of being spam). However, their
marketing words (viagra or whatever) will give a high probability (more than
0.9). As software should take only first 6 or so most spammy tokens into
play, all that gibberish won't matter.

One thing when that will help them is when they only include one IMG SRC in
HTML e-mail, and if that link wasn't before in the database. That way
Bayesian classifier won't have a change to know what's going on as possibly
everything could get neutral values. In that case, other rules should help
(like RDBs and so on).

For more info I'd suggest checking wonderful Paul Graham's Web page at:

http://www.paulgraham.com/antispam.html


Also, Jonathan's DSPAM has some nice documents at the Web (I'm pretty sure
he'll reply to this as well). You can find this at:

http://www.nuclearelephant.com/projects/dspam/


Cheers,

Bojan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

spam with anti-bayesian parts vogt (Jan 12)
- Re: spam with anti-bayesian parts Paul Farrow (Jan 12)
  - Re: spam with anti-bayesian parts José María Mateos (Jan 12)
- Re: spam with anti-bayesian parts Suresh Ponnusami (Jan 12)
  - RE: spam with anti-bayesian parts Bojan Zdrnja (Jan 12)
- Re: spam with anti-bayesian parts Gismo C. (Jan 12)
- Re: spam with anti-bayesian parts Nick FitzGerald (Jan 12)
- Re: spam with anti-bayesian parts Jonathan A. Zdziarski (Jan 12)
- <Possible follow-ups>
- Re: spam with anti-bayesian parts Feher Tamas (Jan 12)