[pmmail-list] [nospam] Ultra simple junk email filter

Ralph Cohen pmmail-list@blueprintsoftwareworks.com
Wed, 15 Oct 2003 18:00:29 -0400


On Wed, 15 Oct 2003 06:17:21 -0400, Steve Ewing wrote:

>In fact, before I used popfile, my
>spam filter was even simpler: if it didn't have my address in the
>"To:" field, it was spam.  Caught a surprising number.

It's interesting how spam has evolved over the past few years.  When I
first started filtering spam, it was easy to search for particular
words or phrases that indicated they were spam.  Soon, however, spammers
found ways to disguise a word without removing its meaning like f*ck or
sh*t so a simple word filter wouldn't catch them.  Many spammers then
moved to HTML spam mail and became creative in dodging filters by using
code like FU<!--nonsense-->CK in their messages.  The <!--  --> codes
are a pair of HTML tags used for hidden comments.  When viewed in an
HTML viewer or browser, neither the tags nor anything between them are
displayed so the letters on either side of the tag are joined together.
This can be particularly tough to filter since all of the following
examples display exactly the same way when viewed:

FU<!--nonsense-->CK
F<!--anything-->UCK
F<!--asdfgdas-->UC<!--sl950ksl-->K
FU<!-- -->C<!--=-=-=-=-->K

Fortunately, however, as spammers have become more sophisticated the
tools that they use have become more uniform.  This has created new
patterns such as the missing name in the To: field and the database
field names in the message body which can now be used to filter on
instead.  Can't wait to see what they come up with next.<g>

Ralph
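
An added example, not part of the original post or of PMMail: a Python sketch of a filter that removes HTML comments before word matching, plus the quoted "my address in To:" check. The blocklist word, sample bodies, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# An HTML viewer renders <!-- ... --> as nothing, so drop comments first.
# (A regex is enough for this obfuscation; it is not a full HTML parser.)
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)

BLOCKLIST = ["mortgage"]  # constructed stand-in for a filtered word

# Constructed bodies, split the same four ways as the samples in the post.
SAMPLES = [
    "MORT<!--nonsense-->GAGE",
    "M<!--anything-->ORTGAGE",
    "M<!--asdfgdas-->ORTGA<!--sl950ksl-->GE",
    "MO<!-- -->RTGA<!--=-=-=-=-->GE",
]

def strip_html_comments(html):
    """Return the text as a viewer would join it, comments removed."""
    return COMMENT_RE.sub("", html)

def blocked_words(text, normalize=True):
    """List blocklisted words found in text, optionally after normalizing."""
    if normalize:
        text = strip_html_comments(text)
    lowered = text.lower()
    return [w for w in BLOCKLIST if w in lowered]

def addressed_to(raw_message, my_address):
    """True if my_address appears in the To: header (the quoted simple filter)."""
    msg = message_from_string(raw_message)
    recipients = getaddresses(msg.get_all("To", []))
    return any(addr.lower() == my_address.lower() for _, addr in recipients)

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, blocked_words(body, normalize=False), blocked_words(body))
    # Constructed message with no To: header at all.
    raw = "From: sender@example.com\nSubject: offer\n\n" + SAMPLES[0]
    print("addressed to me:", addressed_to(raw, "me@example.com"))
```

Matching on the raw body misses all four variants, while matching after comment removal catches each one.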