Re: regarding spam...

[Ryan Russell <ryan () securityfocus com>]

On Fri, 29 Mar 2002, Marcus J. Ranum wrote:

> Out of 30 messages in the input queue yesterday 30 were spam.
> 27 of those were korean or chinese.

Seems like those ones would be easy to block, if you can't read Asian
languages, and don't intend to allow them to the list.  Just make sure you
can tell body text apart from attachments.  I suppose you might end up
blocking valid messages with both english and another language.  Perhaps
check for English while you're at it?

> It occurs to me that this would be pretty easy to implement,
> with a bit of small extra kludgery. You could build it right
> into an imap server by having it apply the extra processing
> when someone moves a message into a folder called "spam" -
> in fact this way _one_ person in an organization could keep
> an up-to-date set of Eudora filters that would be leveraged
> by everyone in that spam trust ring.

I think the hard part becomes how do you tell if one piece of mail is the
same as another?  If they were absolutely identical, you could ship MD5
hashes around, and everything would be great.  One problem is that many
spam messages are unique in some small way to the recipient, i.e. they
contain tracking info.  Perhaps you then have an algorithm that can
produce a percentage match when two emails are compared?

                                        Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards