New Kind of Spam 'Un-Training' Filters?

Zaphod2016 writes to tell us the Wall Street Journal is reporting that email in-boxes are under a new kind of spam attack. This new spam has confused many people due to its lack of advertising, viruses, or request for personal information. One popular theory is that these innocuous blocks of text, often drawn from popular literature, are being used to "un-train" spam filters to allow more malicious spam through in the future.

Other way around?

[Sepodati]

Wouldn't it work the other way around? I still flag crap like this as spam, so it seems like it'd train my spam filter to have more false positives, no?

---John Holmes...

Re:Other way around?

[pe1chl]

At work our spamassassin bayes filter has heavily trained on English text always being spam.
This is because English is not our local language, so almost no business communication is in English and most of the spam is.
This indeed sometimes causes false positives when English language mail has other spam-like properties as well, and the added 3.5 points from the Bayes filter pushes it above the limit.

This again shows that you should not use solely a Bayes filter as spam blocker.

Re:Other way around?

[John+Hasler]

> ...Seems like it'd train my spam filter to have more false positives, no?

Thereby convincing you that it is worthless, causing you to scrap it.

Re:Other way around?

[TubeSteak]

My limited experience is that whatever filtering Hotmail uses has been allowing lots of Spam to slip through in the last few weeks.

Anyone else?
How's Yahoo & G-Mail been doing?

Re:Other way around?

[ericlondaits]

I Recommend that you subscribe to a couple of english language Mailing Lists (or Yahoo Groups), which you can then filter and move to a mail subfolder of their own easily through the Subject line or From Address. That way you can have good english non-spam mails going through your Bayes daily.

Re:Other way around?

[pe1chl]

Well, I maybe should have noted that it actually is helpful that it works this way, because the "english language blocker" blocks very much more spam messages than that it causes false positives.

The spammers will have to move on to i18n, to get their message through.

Re:Other way around?

[Skynyrd]

My limited experience is that whatever filtering Hotmail uses has been allowing lots of Spam to slip through in the last few weeks.

Anyone else?
How's Yahoo & G-Mail been doing?

I use gmail, and although it's let one or two pieces of spam through in the last week, it's always been near 100%.

I get 50-100 email a day on gmail.

Re:Other way around?

[fbjon]

I recommend greylisting. It's a somewhat dubious way of dealing with it, but I can't remember the last time I received a spam-ish mail, must be more than a year ago. I really have no idea how big a problem spam is these days because I just don't get any, even though my address can be found by googling.

Re:Other way around?

[badasscat]

How's Yahoo & G-Mail been doing?

Here are actual samples of emails that Gmail and Yahoo have let through to my inbox over the past couple days. First, Gmail:

Wells, who has had a rather similar historyand who obviously owes something to Dickens as novelist. In some ways his outlook is verysimilar to Dickenss. No one who is really involved in the landscape ever sees thelandscape. To Chesterton the poor means small shopkeepers andservants. There is nothing psychologically false in this, either. No one who is really involved in the landscape ever sees thelandscape. It is easy to imagine what the young woman would have said to this inreal life. And given the FACT ofservitude, the feudal relationship is the only tolerable one. Theother point is that Dickenss early experiences have given him a horrorof proletarian roughness. They, and the men, always spoke of me as the younggentleman. It is one of the stockjokes of English literature, from Malvolio onwards. Buthe is remarkably free from the idiocy of regarding nations asindividuals. So were all the characteristic English novelists of thenineteenth century. The last thing anyone ever remembers about the books is theircentral story. Nevertheless hislist of most hated types is like enough to Wellss for the similarity tobe striking. A change of heart is in fact THE alibi of peoplewho do not wish to endanger the STATUS QUO. There is nothing psychologically false in this, either. Pickwick and the servant should be Sam Weller. It is noticeable thatDickens hardly writes of war, even to denounce it. Therewere no labour-saving devices, and there was huge inequality of wealth. In Dickenss novels anything in the nature of work happens off-stage. And, on the whole, his attacks on good society are ratherperfunctory. But byorigins and upbringing Thackeray happens to be somewhat nearer to theclass he is satirizing. Here perhaps Gissing is influenced by his own love of classical learning. In a rather different sense his attitude to life is extremely unphysical. It is usual to claim him as a popularwriter, a champion of the oppressed masses. Dickens would be quite incapable of this. Compare any lawsuit in Dickens with the lawsuit inORLEY FARM, for instance. I do consider the young ooman, sir, said Sam. Here the contrast between Dickens and, say, Trollopeis startling. It is true that not all his novelsare alike in this. He getshimself arrested in order to follow Mr. Progressis not an illusion, it happens, but it is slow and invariablydisappointing. If his palms are hard from work, they let him in; if his palms aresoft, out he goes. It is perhaps more significant that he shows noprejudice against Jews. At first sight this statement looks flatly untrueand it needs some qualification. A modern manservant would neverthink of doing either. There arepractically no friendly pictures of the landowning class, for instance. If one wants a modern equivalent,the nearest would be H.

Attached to the above was an image file that contained an obvious ad. So to Gmail, this apparently looks like a regular text email that happens to have an attached image.

(You can argue about how effective this is, since Gmail thumbnails all images, meaning you'd need to click a separate link to open it and read it.)

Now Yahoo, where I get approximately 1,000 messages to my bulk folder per day - this is the only one that's gotten through to my inbox in the last day:

FROM THE DESK OF Mrs Queen Adams
BANK OF AFRICA [BOA]
OUAGADOUGOU, BURKINA FASO.

DEAR FRIEND,

I AM HOPEFUL THAT THIS MAIL WILL REACH YOU IN GOOD CONDITION OF
HEALTH.I AM MRS QUEEN ADAMS A STAFF OF BANK OF AFRICA AND A BURKINABE RESIDENT
IN BURKINA FASO ALSO.IN THE BANK WHERE I WORK AS AN AUDITOR,I
DISCOVERED AN ABANDONED SUM OF MONEY AMOUNTING TO 15.2MILLION DOLLARS BELONGING
TO DR GEORGE BRUMLEY WHO UNFORTUNATELY DIED IN THE PLANE CRASH OF UNION
TRANSPORT AFRICAN FLIGHT BOEING 727 IN KENYA, EAST AFRICA ON SUNDAY

Re:Other way around?

[badasscat]

Even I get tricked by those sometimes, because they come from random names that occasionally match the names of people I know

Er, this doesn't sound right - what I mean is I get tricked into *reading* them, I don't get tricked into actually clicking on the link because I think one of my friends sent it to me. Most spam I can immediately ID and delete before I even read it, but these can sometimes trick me into clicking through at least to the email itself.

Re:Other way around?

[toad3k]

I really have no idea how big a problem spam is these days

I described it to you but you didn't get my message.

Re:Other way around?

[winnabago]

I've been getting several 419-type spam emails over the last few weeks, up from zero in the past. I thought back, and the only thing that has changed is that my email address appeared in plaintext on the front page of slashdot. Not saying that it's the problem, but it is interesting in the timing.

Re:Other way around?

[porcupine8]

Actually, you haven't noticed any legitimate emails from Yahoo getting tossed as spam, have you? (Just curious, I've emailed my dad three times in a row with no response, even though he's forwarded me stuff in between, and he's usually quick to respond, so I'm worried Hotmail is tagging emails from Yahoo addresses or something.)

I think I've confused Yahoo by applying for a mortgage. So I've been getting lots of legitimate mortgage and real estate-related emails, and it's been starting to let through a few related spams as well.

Other than that, I haven't been getting any more stray spam than usual. Maybe once a week I'll get one (that's not mortgage-related) that the filter misses.

Then there are the ones that go to email lists that I have filtered to other boxes besides Inbox... Since you can't pick when the spam filter works, it always works AFTER all your others, and so I get all of these. *sigh*

Re:Other way around?

[saboola]

Next time you talk to Queen Adams could you tell her highness that I have already sent the check to her but im waiting for her to email me back? Thanks.

Re:Other way around?

[FLEB]

When I (rarely) post on USENET, I'll often include an email address, albeit not my main address. My tactic is to just put it in my signature like:

FLEB -- spammers.sh@ll.bow-down-to.us
Put "Hey!" in the subject to bypass the spamtrap.

and a simple rule dumping everything that doesn't include "Hey!" keeps it clean and fresh. If an actual conversation starts, I can always give out my main address.

My biggest problem of late is that one of my business clients got their email account pwned, and now the spam is slowly starting to drip into my formerly-pristine business account. At least, I'm pretty sure that's what caused it.

Re:Other way around?

[winnabago]

I know it's basic, but I'd like to add that if you have control of the HTML of the page that you are posting you email to, you can use a simple tool to confuse the mining bots. It doesn't work on forums like slashdot, but a good scrambler that I've had success with is Enkoder.

I've wondered why more sites don't use Craigslist's method of temporary forwarding from an anonymous, random address that can be easily filtered if need be. Bandwidth?

Re:Other way around?

[Deviant+Q]

Regarding obvious spams, what's got me confused is why Gmail is not tagging things that actually have the string "(Spam) " as the first thing in their subject line. WTF?

Anyone else have this problem?

Re:Other way around?

[porcupine8]

I even put in my sig that I'm a girl, and people are still in denial.

Re:Other way around?

[Omestes]

I've been using Spamgourmet.com for a couple years now, with no complaints. It pretty much does what ypu describe, you create a temporary throw-away address with a limited forward amount, and everything after that is eaten. You can also make senders "trusted", and set your throw-away address to reply, if it is legitimate communications.

I get very little spam thanks to this (about 10 per week), while Spamgourmet has blocked 47,378 of 1,802 messages. The only problem is that the addresses are sometimes not allowed for online registrations, and it is a pain in the ass to write on real world forms, plus keeping track of 200+ message prefixes is a pain.

For example: slashdotDEMO.10.omestes@xoxy.net This message will forward 10 messages to me, after that they all go into the void, so it can be added to any list, or whatnot, with no pain to me, and my 3 spam filters (gmail's, junkmatcher, and mail.app's) meaning only about 1 spam per month reaches my inbox, with about 1 false positive per 3 months.

Re:Other way around?

[Jett]

A 419 finally made it thru my spam filters, I wasted about an hour of my life tricking the scammer into believing that the CIA was after him. It was totally hilarious, he's probably still camping out in some village somewhere hiding from a CIA counterterrorism squad that is trying kidnap him. It was suprisingly easy - just act really naive and they seem to buy it. I started off by acting like I actually did have a relative with the name of the "dead" person mentioned but then a few emails into it I said that I managed to get in touch with them and that because they were working for the CIA when they were in Africa (I pretended they had left Africa before their alleged death) they were worried a terrorist had stolen their identity - from there it was a few more emails to convince the scammer that the CIA believed the scammer himself was involved and would be coming for him shortly, I just stayed friendly and acted really naive and like I couldn't believe this was happening. Once I had him convinced he never wrote me again. I was laughing so hard as I wrote the final email saying how nice he seemed and how bad I felt for him and that he shouldn't resist when they snatched him because it would only make it worse. The bastard probably crapped himself when he read it.

Re:Other way around?

[Omestes]

how long did it take for the spam bots to send 10 messages to this address

Oddly, no spam yet. At first it does take a bit of discipline to begin with, but after awhile it becomes habitual to use it on webforms and such, though there are lapses, which explains the amount of spam I do get. As for dictionary mailers, the solution is easy, use an obscure word that probably isn't in them. My address, with spam blocking is above, and it really is not a common word (without me, there is about 20 hits on Google), and is rather easy to tell via word of mouth (unline, say, anthroporraistes@emailaddress.com, which would be a pain in the ass).

And then there is a few after-the-fact moves, such as the ever so handy bounce feature. Right now I don't trust server-side filtering, though, I want spam to get to my mailbox (at least Google's) so I make sure I don't miss anything, and to better train my filters.

Vectorspaces

[bigattichouse]

As a hobby, I play around with ways to classify spam. Not much of a hobby, but I find the problem interesting.

Lately, I've also been trying to use my vectorspace engine to classify spam.. so these sorts of things might get in, but only because they fall into the general category of readable text...

I've also been thinking about building a GPL tool to provide "sound-based" classification sort of like a "one second orchestra" playing in harmony/disharmony based on the content.

Regardless of the engine I use, I still have to dig through my trash bin every few days to make sure nothing good slipped through.

Re:Vectorspaces

[HuckleCom]

I'll be damned if I let an excerpt from Huckleberry Finn through my spam filter!

Re: Your recent article on Slashdot

[Scutter]

It is such animportant element, you see, that duration
of time. I consider twelve hours a substantial measure. So I ran along
the drive and upthe steps and into the house, but did not see either
Mrs. Iobserved:Your Excellency is not easily satisfied. And I marvelled,
and said:How comes it that I have hitherto been deaf to these
distressfultones? Il passe sur la route, mais toujours en sens inverse.
For a mental state such astheirs, appetency rather than instability is
the right word. Which reminds me that the old adage about let us eat and
drink, forto-morrow, etc. Mais odonc est la vie, sinon dans le peuple?
They lamented dismally among themselves in many tongues:How I suffer!
Take that little one on Lzards, for instance;or, in the other volume,
the bizarre Joies Noires.

The text comes from the Gutenberg Project

[sotweed]

I've been getting 3 or 4 of these a day for at least a month now. The text can
always be found in some file of an old book provided by the Gutenberg
Project, which is making non-copyright texts available through volunteer
effort.

I think the theory about using this stuff to untrain spam filters is very plausible.
But it's difficult to see how it will work. There's no common text among these
e-mails; in order to send effective spam, there'll have to be at least some text which
is the same across multiple mails, and that will tend to expose it.

Re:The text comes from the Gutenberg Project

[misleb]

. There's no common text among these
e-mails;

I think that is the point. They want to either poison those words so you get more false positives or they want to push other REAL spam related words out of the "this is spam" dictionaries. Maybe both. If these messages had some common theme, they would all get blocked and would have no net effect. They need you to click "this is spam" to poison your filters.

Question is, does it work? I don't know. Seems to be highly dependent on the nature of your spam filter. Maybe they are only targeting a specific, popular filtering system.

To me it seems like an act of deparation. I think filters are finally catching up with spammers. It is getting more and more difficult to get spam through a half way decent filter and there are a lot of decent filters out there.

-matthew

Re:The text comes from the Gutenberg Project

[Ed+Avis]

If the spammers are now sending round Gutenberg texts, this is entirely appropriate. Project Gutenberg caused probably the first ever spam, when Michael Hart launched the project by trying to mail everyone on ARPANET with the U.S. Declaration of Independence. (source)

Re:The text comes from the Gutenberg Project

[letxa2000]

think that is the point. They want to either poison those words so you get more false positives or they want to push other REAL spam related words out of the "this is spam" dictionaries. Maybe both. If these messages had some common theme, they would all get blocked and would have no net effect. They need you to click "this is spam" to poison your filters. Question is, does it work?

Answer is: No, it won't. At least not with Bayesian. The only way to mess up a Bayesian filter is if they can send you messages that are heavy in words/terms that often appear in your good email. And that's going to vary from user to user. Unless you're sending me the exact words that I use in my daily emails, adding a plethora of other words is not going to make my filter any less accurate or create more false positives. It will either let my filter recognize your "poison" as spam itself or, at worst, be neutral.

My Bayesian filter, among other things, considers an excessive number of infrequently/never used terms as a characteristic that is itself subject to Bayesian classification. So while the "poison words" have no statistical effect on my filter, the fact that a bunch of unusual words are found in a message is going to increase the chance that my filter correctly recognize the message as spam.

My spam was constantly growing through about December of last year. This year, it seems to have leveled off. Sure, I'm still getting just under 20,000 per month which sucks, but I see almost none of them and according to my spam stats, the spam has leveled off. Hopefully this is the plateau before it falls. :)

I still want to know: Who are the idiots who BUY spammed products???

Re:The text comes from the Gutenberg Project

[letxa2000]

Like I said, I think they are probably targetting a specific kind of filter. Perhaps in this case it would be an organizational Bayesian dictionary. Having run a Baysian system for a group (2,000 users), I can tell you that it is VERY resource intensive to maintain individual dictionaries. I'd say it is MORE resource intensive than maintaining the Email boxes themselves. It is very tempting to use group dictionaries.

Certainly. But anyone that advocates using Bayesian statistics on anything other than an individual level does not have an understanding of Bayesian stats. It should never be done. It's next to useless. If an anti-spam provider suggests a solution that is effectively pooling statistics for multiple users, eject that provider because he either doesn't know what he's talking about or doesn't care about your spam problem.

Statistical-based spam filtering must be done on an INDIVIDUAL basis. Always. No exceptions.

Re:The text comes from the Gutenberg Project

[mdielmann]

Maybe he just thought they all should take the time to review it. Sounds like a good idea for whitehouse.gov if you ask me...

Re:The text comes from the Gutenberg Project

[crabpeople]

"Project Gutenberg caused probably the first ever spam,"

Close but incorrect. I believe it was an add for some kind of seminar a guy was giving on the west coast. He was from the east coast and had no contacts to sell this product in the west so he manually typed in like hundreds of addresses. I dont know if i can find a link but i remember reading about it.

Ok aparently googling for "first spam ever" yields this article:

"The sender is identified as Gary Thuerk, an aggressive DEC marketer who thought Arpanet users would find it cool that DEC had integrated Arpanet protocol support directly into the new DEC-20 and TOPS-20 OS. I spoke with him to get his reflections on the event.

DEC was mostly an east coast company, and he had lots of contacts on the east coast to push the new Dec-20 to customers there. But with less presence on the west coast, he wanted to hold some open houses and reach all the people there. In those days, there was a printed directory of all people on the Arpanet. Gary spoke to his technical associate, and arranged to have all the addresses in the directory on the west coast typed in, and then added some customer contacts in other locations, including people at ARPA headquarters who did not, according to Thuerk, complain.

The engineer, Carl Gartley, was an early employee at DEC who had been called in to help with promoting the new Decsystem-20. They worked on the message for a few days, going through a few rewrites. Finally, on May 3, Gartley logged on to Gary's account to send the mail. "

so there you go. First spam May 3, 1978. Theres a reply to it from RMS too (his inital reaction was pro spam heh).

My uninformed hunch: screwup...

[nweaver]

The text block spam is very common WITH images . I suspect that what happened is some lame spammer got a BIG botnet contract, sent out his spam, and forgot to include the image.

Re:My uninformed hunch: screwup...

[Darth_Burrito]

That was always my hunch too. Put another way...
"Never attribute to malice that which is adequately explained by stupidity." - Hanlon's Razor

Re:My uninformed hunch: screwup...

[xpurple]

I suspect that some of it may be more than that. You can encrypt messages into plain text. If you then send out your encrypted messages to a million people then who would ever know who the message was really for?

Re:My uninformed hunch: screwup...

[gavri]

"Never attribute to malice that which is adequately explained by stupidity."

I'm never understood this. Why attribute to stupidity that which is adequately explained by malice? These are spammers. If they can untrain spam-filters, they will. How is picking stupidity over malice in this case a wise decision?

Re:My uninformed hunch: screwup...

[stokessd]

Because malice is hard, and stupidity is easy. Granted in this situation it's not crystal clear, but like a good spam filter, this addage is suprisingly effective.

Sheldon

Whatever it does, it sure is bizarre

[Guanine]

Here are some excerpts of this type of spam from my school's mail filtering system, Mail Marshall:

"One cannot bring children into a world like this. She tried to get hold of things by the right end anyhow. She stood her upright, dusted herfrock, kissed her. Perfect nonsense it was;about death; about Miss Isabel Pole. And of course she enjoyed life immensely. He has his penny, he reasoned it out ..."

Here's my favorite, with some bizarre non sequiters:

"Yes, we are dirty, said Maggie, looking at her; she was in her day clothes. Prejudiced;narrow; unfair, he repeated, tapping her hand with his finger. The light from the engine lit up a quiet group of cows; and a hedge of hawthorn."

Thing is, the spam detection already catches it ... so I'm not sure how this will "train" the filters.

NPR article

I heard an interview yesterday on NPR about this.

http://www.npr.org/templates/story/story.php?story Id=5624749

Ditto.

[mcmonkey]

This is old, and if it's meant to un-train spam filters it isn't working. SpamBayes just gets better with age.

The only news is they're now calling it Spam 2.0

Re:Ditto.

[bunions]

The only news is they're now calling it Spam 2.0

that's probably because they're spamming Ajax-enabled sites in the blogosphere about linkrolling the mashups.

Un-training? Hardly.

[pclminion]

Bayesian and other filters do not rely on "spammy" words alone -- they also rely on "unspammy" words, and spammers have no idea what those words are because each person receives different email.

A scenario, with made up (but plausible) numbers: Suppose you're a developer of a Linux driver for the Bozodrive 1000. The majority of your legitimate email comes from Linux driver development mailing lists. A full 50% of those emails contain the word "IRQ." 99% of the emails contain the word "driver," and 15% contain the word "Johannsen" which is in the signature of one of your friends. And precisely 0% of the emails containing any of these terms have ever been found to be spam.

Any decent spam filter will give a huge weight to the presence of these "unspammy" words, because of the extremely high probability of emails containing them to be non-spam. The presence of randomly selected confusion words in empty spams is not going to affect these frequency counts.

In order to defeat a filter by confusing it, the spammer must guess what the SPECIFIC non-spam words for that PARTICULAR email user are, and then produce bogus, spam messages containing those words in the appropriate frequencies. This will cause the classification counts for those words to become more equalized, and the value of those words in determining spammyness to be greatly reduced. However, this is an impossible task unless the spammer has access to the actual emails of the target.

Perhaps the intent of the empty spams is to confuse the filters, but whoever devised the method has no understanding of how these things actually work, whatsoever.

Weasels abound

[Bullfish]

I have seen some of these slip though for a while I think the only purpose for them is to get some neophyte who is confused by them to send back a "WTF?" response thereby confirming a "live one". I suspect after that the floodgates open. I am sure that we will see many more attempts to circumvent filters. After all, weasels abound.

I buy the "broken spamware" angle

[nuzak]

The WSJ article also gives due time to the theory that the spamware is simply broken and that the spam payload is being delivered with the padding and not the payload. Since I've previously seen plenty of Gutenspam (my name for this spam that contains snips from Gutenberg texts) with an image payload attached, I'm definitely leaning toward the notion that they slipped somewhere and are now not delivering the image.

Woe betide literature discussion groups now that filters are trained on the classics.

Re:I buy the "broken spamware" angle

[Richard_at_work]

I dont think this is the case, as Ive been getting these sorts of emails for at least 3 years (looking back at the spam archive I keep to train from) - random blocks of legible text, blocks of psuedo english (words are correct but theres no effort at sentence structure), even jokes on their own. I got intrigued by this about 6 months ago and wrote a few scripts to see if it was just a broken spam client forgetting to add the payload, but your average 'with payload' spam doesnt seem to match these emails, theres practically no similiar 'with payload' spams in my archive with these blocks of text.

I always wrote it off as baysian filter poisoning.

Re:specious defillibrator

[truthsearch]

Why the hell do you fucking spammers think that anyone will ever buy from you?

If there wasn't money being made there wouldn't be any spam. At least a tiny percent of the people who get this are acting on them. It must be paying off for someone.

Not very effective and may be easy to work around

[AaronW]

My home spam filter does not seem to be affected much. I run dspam which has a feature in that over time it will forget words if they are not used in spam. Since the text is usually different or random, it does not have any significant effect on generating false positives. In the years I have been running dspam with tens of thousands of emails, I have only gotten 3-4 false positives.

By having a baysian filter forget over time, it also helps shrink down the database and helps it adapt as the contents of spam change over time.

Of course I also use other spam blocking techniques, like using realtime black lists (RBLs) and blocking a number of Chinese subnets... I should add tpnet.pl and Verizon as well.

Probably something far less ingeneous.

[OwlWhacker]

I have seen quite a number of corrupt e-mails coming from spammers. Occasionally you find the subject is merely %%SUBJECT%%, or an e-mail has entered your system consisting of just the headers and no body.

My theory is that there are more people attempting to use spamming applications, and many of these people don't have a clue what they're doing. You'll probably find that they've forgotten to add their text to the e-mails, or are just not reading the documentation on how to successfully send their spam.

We've had this for years

[patio11]

The term-of-art within the anti-spam community is "Bayes Poison". Generally its appended to an actual spammy offer, but some spammers have in the past used the technique with web-bugs to determine whether they are able to deliver to particular boxes with non-spammy content, so that they can evaluate whether their later more-spammy content was excessively spammy or whether it hit the sweet spot on the blocked vs. effective-sales-pitch continuum. Most people in the anti-spam community report that garden variety Bayes Poison is ineffective at either de-spamming spammy messages or causing your corpora to be skewed to the effect that they are unusable. One major reason for this is that corpora are so specific to individual users. For example, poisoning my inbox with copies of Huckleberry Finn is rather ineffective because nobody I talk with on a regular basis writes like Mark Twain. For you to do actual damage, you would have to know enough my habits to guess subjects and words which appeared very commonly in legitimate mail -- for example, the names of my family members, keywords relating to my job or extracurricular interests, etc. It is very difficult for spammers to get this information, but some academics have reported that it is theoretically possible, although in practical terms very difficult, to use web bugs to extract the "secret sauce" needed to land in one particular inbox. http://www.jgc.org/SpamConference011604.pps

Re:We've had this for years

[seanyboy]

Verily, I undertand thy point, but for all the sense thine words make to mine ears, I still cannot understand what villainous treachory it is that makes spam filters reject my own missives out of hand. It is a mystery, and one I feel even the local constabulary could not crack.

Re:Other possibilities

[Coventry]

Just like the cryptic number sequence radio/voip 'stations', this could be a method of communication.

We see so much Spam everyday, everyone takes it for granted, and everyone runs 'filters'. If I wanted to secretly inform agents to begin operations, a select quote from a book sent as spam to hundreds of thousands of people would be perfect. Everyone ends up on spam-lists, and recieving spam is a passive process, so its even more anonymous than public web forums.

Re:Not very effective and may be easy to work arou

[pclminion]

By having a baysian filter forget over time, it also helps shrink down the database and helps it adapt as the contents of spam change over time.

Having the filter forget is the ONLY effective policy. In statistical filtering, it is certainly NOT true that more data == better results. You want a sample of data that most accurately represents the sort of content you are receiving RIGHT NOW. I completely purge my Firefox Bayesian database every couple of months and retrain on recent emails only. The result is ALWAYS an increase in accuracy, particularly a reduction in false positives.

No, unless people send that text to you.

[khasim]

I still flag crap like this as spam, so it seems like it'd train my spam filter to have more false positives, no?

No. Unless the people you usually corresponde with also include blocks of the same text.

The only way to increase the false positives is to get the spam filter to learn the words that usually appear in your legitimate messages.

Since the spammers have no way of knowing what those words are, there is no way they can bypass your filters ... and still be effective in getting through any one else's filters.

It's like any reactive relationship

[blueZ3]

Spam and anti-virus are good examples of fields where the "solution" is reactive to the problem.

1. Spammers and malicious code writers come up something annoying.
2. Anti-spam and anti-virus software reacts with a method to prevent the annoyance.
3. Spammers and virus writers implment new tactics.
4. Repeat steps 2 and 3 ad infinitum
(The "Proft!" step is probably at 1a and 3b, but that's another issue)

It's not that the spammers are "beating" the spam filters, it's that they are using new tactics and it takes a certain amount of reaction time for the filters to be updated to fight the newly evolved threat. This is why spam filters aren't the ultimate solution to spam, though they are a useful stop-gap

Re:It's like any reactive relationship

[mrchaotica]

Isn't that like saying that the immune system is not a solution for diseases, only a useful stop-gap? ;)

We aren't immortal, so yes.

What they're selling and how to contact them

[quokkapox]

Spammers till have to tell you these two crucial pieces of information. If they're selling Viagra, they have to make that known to you somehow. If they're selling anything (and not just trying to increase brand awareness, which is a separate problem), they have to tell you how to contact them and buy whatever crap they're peddling. They can make this very hard to discern via obfuscation, leet speak, image substitution, etc. But the contact information ultimately has to boil down to something meaningful and unambiguous, or there won't be any sales.

So the solution is to recognize and ignore spam based on either or both of these criteria. Ultimately, a collection of trusted humans need to review a message and say "this is spam, alright", allowing the filters to recognize the contact information (phone number, email address, web site, etc.) as spam.

I'm not too worried about spam that tells me to "Drink Coke!", I don't get much of that.

Re:Not everybody develops Linux drivers

[pclminion]

Take my dad for instance; he isn't on any mailing list; 99% of his email is along the lines of "how are you" and "give my love" etc; pretty run of the mill stuff.

People who ask those sorts of things usually sign their name to their email. Those names will become strong non-spam keywords. ANYTHING your dad talks about specifically will help -- hobbies, places he usually goes, etc. You'd be surprised how much specific, intelligent content even the most "ordinary" of people will produce.

SPAM Causes Erectile Disfunction

[Gary+W.+Longsine]

Why the hell do you fucking spammers think that anyone will ever buy from you?

There is money in SPAM. Obviously somebody is buying stuff like viagra from shady online pharmacies and popping the unregulated black market or grey market pills containing who knows what into their bodies.

*shudder*

I can't even imagine what sort of lasting damage one could do to one's, uh, member.

Eureka! That's how to stop spam. Educate people with a campaign reminiscent of the Speed Kills campaign, so that people understand they could permanently damage their penis by taking unregulated pharmaceuticals from shady online stores hosted on 0wn3d pcs.

Re: Your recent article on Slashdot

[cvd6262]

It is such animportant element, you see, that duration
of time. I consider twelve hours a substantial measure. So I ran along
the drive and upthe steps and into the house, but did not see either
Mrs. Iobserved:Your Excellency is not easily satisfied. And I marvelled,
and said:How comes it that I have hitherto been deaf to these
distressfultones? Il passe sur la route, mais toujours en sens inverse.
For a mental state such astheirs, appetency rather than instability is
the right word. Which reminds me that the old adage about let us eat and
drink, forto-morrow, etc. Mais odonc est la vie, sinon dans le peuple?
They lamented dismally among themselves in many tongues:How I suffer!
Take that little one on Lzards, for instance;or, in the other volume,
the bizarre Joies Noires.

NPR covered this issue this morning and had a guy from project Gutenberg read a few sentences like this. I have a degree in literature (I know, shocking), and I thought to myself that this would qualify as good dada.

Devious plan!

[roman_mir]

Email in-boxes are under attack from some unlikely menaces: J.R.R. Tolkien, Daniel Defoe, Alexandre Dumas and other authors whose classic works are surfacing in a newly popular spam scam. - I don't think the spammers are after 'untraining spam filters'. I think their plans are much more devious than that, they are advertising literature!

(governments must do something, think of the children who may start reading instead of watching TVs!)

Re:I just thought they were weird.

[bunions]

I swear I hit the 'preview' button and not 'submit.' I blame the soviet mind-control lasers. Here is my post as it should have been:

my favorites are the ones that put the filter poison into bogus html tags that aren't rendered by Outlook. So I'd get something like

<oodles> <mycotoxin> <greengrocer> <chubby> <kazoo>
Buy my shit
<snappy> <bundle> <chaff> <glum>

the <greengrocer> tag was my favorite. I sent an RFE to the W3C people, but I haven't heard back yet :mad:

A lot of my spam seems pointless

[nasor]

For a while now I've been getting spam for various products or services where the spammers purposely misspell words, spell words with a mix of letters and numbers "l33t" style, or spell words phonetically. I assume that this is to get past spam filters, and I imagine it works to some extent. The question is, do they honestly think anyone would ever buy something from a company that advertises "ch3@p nonperscrip70n med1ca7ion" or "lo morgage rates"? Who the hell would ever do business with a company that can't even seem to spell properly?

Re:A lot of my spam seems pointless

You have to put yourself in the shoes of the average spam customer. You might be wanting to try some viagra, for example, but are too ashamed or don't know where to go. Once and a while, you see a message in your inbox regarding "ch3ap medz". Sure, it's tacky. But, you don't care - or you think that's how it works on the Internet; That's how these things are kept on the DL. After all, it was a bit of a challenge to find some of free music on the Internet, wasn't it? You may even be delighted that you've "cracked" the code. You feel that you're in on something. You're just glad to be able to order the stuff from the privacy of your own home.

Re:A lot of my spam seems pointless

[Huge+Pi+Removal]

Who the hell would ever do business with a company that can't even seem to spell properly?

Very stupid people, mostly. There's no shortage.

Re:A lot of my spam seems pointless

[madopal]

I'm not exactly sure, but I think the problem with these spam getting further and further away from being legible is caused by market forces. I think the spammers get paid for delivering spam, NOT how many responses/click thrus/sales they get. So, if they blast out an e-mail to you and don't get a bounce, that counts as a successful delivery. Thus, they don't really care what's in the body of the e-mail. They did their job, and they get paid for the delivery.

That's all I can figure, because if your average person is so stupid that they respond to spam, then I think they aren't probably smart enough to figure out what "Viggra" is.

Not New

[Tweekster]

As long as I can remember I always received spam that didnt have an advertisement, didnt have contact information at all etc.

Some spammers spoof their emails so well you couldnt contact them if you were interested in their crap. Many times it is a bit of text with a click here (but nowhere to actually click ) etc.

I think the spammers are just idiots. It is amazing most of them actually managed to get the software working and send an email because of how craptastic their messages are (not disguised, just junk)

There comes a point...

[quokkapox]

where it's not even worth filling this out anymore...

You advocate a

( ) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:This isn't new

[rickb928]

I've seen this for maybe 3 years. Right after Bayesian filtering came out for Spamassassin.

Maybe longer.

I'm seeing spam that uses relatively coherent passages from literature of some sort as a way to deliver an image that is usually a pitch for some stock, lottery, or bank scam.

Rick

Re:This isn't new

[letxa2000]

I'm receiving spam that's been getting through my Bayesian filter lately, but I have no idea why. It includes an embedded image so it should be recognized almost instantly as spam. The entire "mail" is in the image. But if you look at the source, they also include a text and an html version with random words that are obviously an attempt to use words that someone might be whitelisting. But I'm not whitelisting them. These messages have been getting through with just slightly under my spam cutoff %. I *think* the Bayesian filter is learning and I think the scores of those that get through are getting ever-closer to the cutoff point; heck, maybe the filter is catching most of them and the few that get through are just the lucky ones. But the fact that there is an embedded image and it's not being immediately flagged as spam is curious since an embedded image is going to a very spammy aspect of the message. At this point, I'm collecting these spams that get through to take a closer look at them.

Re:Challenges

[jimicus]

Your post advocates a

(x ) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:I just thought they were weird.

[CohibaVancouver]

be interested to know how many people put up money for products / services they were spammed with.

Quite a few, apparently.

I read one article which claimed that one spammer in particular "received 10,000 credit card orders in one month [snip] each for $39.95 US."

So that's nearly $400,000 per month. Nice work if you can get it.

Source:

http://www.cbc.ca/story/business/national/2005/04/ 08/spam-050408.html

Better algorithms

[denoir]

Bayesian filters are way to primitive and have only two good features: they're fast and they're easy to implement.

There are far better methods such as neural nets or support vector machines. You can for instance see a comparison of classifiers on a simple visual 2-d problem to see how inferior Bayesian filters are to other more sophisticated algorithms.

Spamcop

[SilentDissonance]

I'm a SpamCop user, and I have noticed they've been letting through a bit more recently.

Though, that's a bit offset as of late, due to the fact that I've been getting a lot MORE spam recently as well. I usually find a good 40-50 messages sitting in my held mail after about 8-12 hours.

It's getting better slowly as I report more and more of the stuff that makes it through though.

Just more for your spam filter to do

[mattbee]

One of our staff has written a custom spam filter based on dspam and the best addition we made in the last week was to add Optical Character Recognition support -- all image attachments are run through gocr and dspam fed with the output from this, not the original images. That way even though the spammers paste in chunks of text from god-knows-where, dspam still sees CIALIS and STOCKS and other trigger words.

I wanted to just drop anything with a .gif attachment but plenty of our valued customers like to send us a corporate logo with each individual message :-)

DaDa-engine

[badc0ffee]

Just wait until the spammers find the DaDa-engine! Then we can see spam that is almost artistic. Too bad they don't copyright some of this crap, or use DRM to read it.

Re:How to be smarter

[maird]

I use assp as my spam filter: http://assp.sourceforge.net/ It always filtered spam very well for me but the latest version added an interesting technique that has reduced the amount of spam that's even hitting the filters to near zero. Since SMTP is considered "unreliable" a sending server will retry on failure. Apparently, spammers tend not to bother retrying. ASSP builds tables using an identity triplet (I can't remember the three message/source attributes it uses). On first view of a given triplet, ASSP responds with a SMTP error suggesting the source retry later. ASSP tables the triplet and allows that traffic to pass later on a retry. The triplet expires after some period. I'm not aware of any false rejections and the messages hitting the dump mailbox has dropped from around 10 a day to a couple a week. I suppose one might argue that it increases packet traffic and I assume spammers will workaround it but I suspect the extra packet traffic is far exceeded by the spam that I would otherwise handle and it handles the spammers for now. Sentience unnecessary perhaps.

I wonder if a spam can might be a good idea.

[LWATCDR]

Think of it as a honey pot for spam. Use something like Fred@domain.com or jsmith@domain.com put it on a few website pages and usenet posts so the crawlers get it.
Any mail that gets sent to that address would half to be spam. Use that to build of a real time black list of messages and filter training for the rest of the domain.
Just wondered if anyone has ever do that.

Re:I wonder if a spam can might be a good idea.

[Paco103]

It's been done. Still going, and you can help. Don't know how effective it is, but read up
http://www.projecthoneypot.org/

Re:I wonder if a spam can might be a good idea.

[LWATCDR]

I am a native speaker but I am dyslexic. Also I am not really feeling well. And yes you where being a sh*t. Good grief this is a stinking message base not an English exam or a resume. Judge the content and not the grammar or spelling.
Making fun of my typos is right up there with making fun of a blind guy tripping.

Dont read too much

[140Mandak262Jamuna]

I think the spammers just bungled. They forgot to include the spammy payload. And some bug did not add the tags to make the text white-on-white with zero points or one points in height. They think these non spammy words will get them past to deliver a payload some inbox.

Even the professionals coding up Firefox and MS-Office and iMovie are known to have written codes with a few bugs in them. What makes you think these inexplicable non spammy spam is anything more than a hiccup by the script monkeys?

Spam is dying

[Animats]

Spam as advertising is dead, killed by a combination of CAN-SPAM and spam filters. What remains is ordinary criminality.

CAN-SPAM killed spam as advertising, in a way that neither the Direct Marketing Association or the anti-spam groups expected. CAN-SPAM has criminal penalties for forged headers, but doesn't restrict "legitimate e-mail marketing", which is what the DMA wanted. But with valid headers, spam filters can immediately discard spam. The result is that "legitimate e-mail marketing" attempts go directly to the bit bucket today. Notice how rarely you see a spam from any legitimate company any more. (This assumes you have reasonable filtering.)

With the legitimate businesses gone, spam became a branch of crime. To be a spammer today, you have to commit felonies. Which means a risk of doing jail time. The famous "Buffalo Spammer" went to jail in 2004, and gets out in 2011. Jeremy Jaynes was sentenced to nine years in prison; he's out on bail pending an appeal, but sooner or later he's going to do those nine years. There's a Registry of Known Spam Operators, and law enforcement reads that list. Most of the people on that list have had visits from law enforcement.

Spammers have tried moving offshore, but that's not working as well as it used to. Few countries want to be known as spam havens. Even in China, it's getting harder; spammers have had to move from the developed coast to more remote provinces, where Beijing has less presence. ("The mountains are high and the emperor is far away") Operating offshore draws the attention of the investigators who follow money-laundering, terrorism, and drug-dealing. There are people doing this, but the risks are high.

What's left is what you'd expect - wannabe crooks, as in any bad neighborhood. They're not very good at crime. They're not making much money. They're what cops call "regular customers". They're a problem, but not a major threat. Those are the ones sending out useless spam.

Re:Spam is dying

[dodobh]

I work for a fairly large email service provider. Spam isn't dying by any means. We just doubled production hardware last week to have enough smtp listener processes to be able to accept email. Bayesian is nice for the single user. For an ISP, it isn't. ISPs are bearing the brunt of the expense right now. The day I fear is when ISPs start to go under, or start charging for spam filtering, or simply stop.

Those boxes are running at sustained loads of 40+ and are CPU bound. That's a bit rare in the email world, as you would know if you have ever run a non trivial system in production.

The spammers will send more spam is something that we have been observing in reality. I have seen AOLs numbers, and they are merely two orders of magnitude bigger than ours at the moment.

Re:Not very effective and may be easy to work arou

[letxa2000]

Yep, every decent Bayesian filter must keep track of three things: 1) # of times seen in good email, 2) # of times seen in spam, 3) Last date seen. At some point, terms that haven't been seen should be purged. What that "cutoff date" is will depend on how much mail and spam you receive. If you don't have much volume, you should keep it longer.

Actually, on second thought, #3 shouldn't be "last date seen." It should be "how many messages have been received since the last time this term was seen."

Re: Your recent article on Slashdot

[siriuskase]

Are they only using text form old books that are out of copyright or otherwise have authors who have left the planet? Spam filters that can differentiate between modern and older writing styles should be able to handle this, especially if they can tap into databases of classic liturature. Spam filter would search on the text and if it matched classic literature, then it is spam. This could be a real problem for people who use legitimate email to discuss classic literature.

Alternate theory

[MobyDisk]

I believe that the internet is becoming sentient. It has locked onto unencrypted plain-text SMTP as the simplest, most ubiquitous, most understandable form of communication. Images and HTML are too complex. At the current level, the semi-intelligent internet is only capable of sending meaningless emails. It sends things that are textually meaningful but semantically meaningless. To us it looks like an amalgam of random words and publications with the intent of confusing us. Of course, since there is so much spam, the internet is being largely trained by the spammers, which even further confuses the emergent intelligence. Since the internet has no concept of "self" it perceives every email to be a reply to its own communiques.

Before the internet can become intelligent, it must learn to filter out the meaningless stuff. Then it must get a concept of self, then a concept of multiple other individuals (us). At that point it is self-aware, and the learning can commence in a more directed way.

After all that, we are fscked. Fortunately it is at least decades away.

*yawn*

[SCHecklerX]

I doubt these would ever get by my greylisting. If they did, they then have to get through the rudimentary checks (which most spam totally fails on), before finally being passed to spamassassin, where it will be properly classified and /dev/nulled.

Mimedefang has these things set up on my home server:
Reject if in spamhaus block list (it's easy to get yourself off of that one)
Reject if helo is not FQDN or IP address
Reject if sender tries to spoof as an address on my domain
Reject if sending SMTP server tries to issue a helo that is on my domain
Reject all RFC1918 helos from untrusted nets
Reject senders not in the lists they are trying to send to.

Between the mimedefang rules and the greylisting, spamassassin and my bayes filters rarely even have to process anything. This becomes very important as you scale a corporate system to 1000's of users.

At work we also parse the headers to see if we are getting idiotic 'bounces' from misconfigured antispam vendors replying to spoofed mail.

We also implement SPF records.

Re:How to be smarter

[maird]

I suspect that you are not observing retries but, rather, attempts to deliver multiple messages. The technique I'm describing doesn't, as I understand it, rely on source IP address. So, the same IP address could attempt to deliver 50 messages and each one would be an independent candidate for the technique. That could explain both your observations and mine. You probably did the right thing to block the actual traffic given the amount of it anyway. Your observations make me consider adding a log of smtp connects to my firewall rules just so that I can satisfy my curiosity about the traffic.

Re:On a related tangent...

[erichschubert]

Been there, done that. Actually that was tried years ago. Doesn't work.

How do you expect the spammers to receive the error message? As you might know, the sender is faked.

Their software is flawed, it will even send the email body when you said the receipient doesn't exist. Or they should just go away. So they obviously don't even parse your return code... These zombies are dumb as shit.

And do you think they'll care?

They probably bought some DVDs with email adresses. They're read only anyway. And after some months they'll just buy new ones.

If spammers (or more precisely, email harvesting companies, which is probably a different company... they might even not be violating the CAN-SPAM act?) are testing email addresses to be alive, they are most likely to use a "legitimate looking" email and some hidden web bugs (!). One more reason not to use Outlook and similar software that does load web bugs. Or proper unsubscribe links. One more reason to not click on them.

Oops...

[Mister+Transistor]

It looks like he didn't properly set up the software that automatically sends out the "Why your anti-spam idea won't work" list, as there's no payload and everything is blank!

Re:I just thought they were weird.

[bunions]

i mean for the tag.

Dammit.

I find filters not very good

[soft_guy]

My company uses a spam filter in Microsoft Exchange. It filters about half of the mail I get from mailing lists I have signed up for (mostly Apple development mailing lists) to the spam folder. About half of my actual spam is sent to the spam folder and about half gets into my inbox. Sometimes mail from other people I work with gets marked as spam. Basically this filter would do the same thing if it just threw about 1/3 or 1/2 of all the email I receive into the spam folder randomly.

I also have an Apple .mac email address and use Mail in Tiger on MacOS X. The junk email filter does not have very many false positives, but it still lets a lot of spam into my inbox.

On one of my machines I am doing a trial with Spam Sieve. It is doing a better job, but has had misses and false positives, but it is better than either Apple's filter or the useless Exchange filter.

My new pet theory

[dfinster]

I've about become convinced that the Viagra and other drug spam must be funded by the drug companies themselves. Not because they want us to buy the drugs from the spammers, but just because the constant barrage of email adds up to advertising impressions.

Obviously the emails I get for this crap are so badly done, nobody would actually expect me to buy from them. If I was actually trying to make money selling bogus drugs through spam, wouldn't I work harder to make it look legit? The phishing guys don't seem to have too much trouble making good looking e-mail - so why are the bogus drug emails so childish?

Because they don't exist. It's just advertising impressions. They've managed to get the word Viagra and Cialis in front of me a few more times a day, really cheaply.

More Workable Solution

[lord_sarpedon]

Rather than send random garbage that, as others have said, bears no resemblance to the users' typical email, why not extract text from the domain's website? A large portion of spam goes to work addresses. Emails sent and received with these addresses often times contain the name of the company, major individuals, current products, industry jargon, etc. So google the second half of the address and insert blocks of text from the company website/related pages. It seems to me that such a method would be much more obvious and effective than using Project Gutenberg. Especially in the short term, the one which matters most in this case.

Re:I just thought they were weird.

[CohibaVancouver]

One could say the same about stealing.

"A fool and his money are soon parted."

What's the difference between some guy selling a tonic via SPAM and a tonic at the state fair? At the end of the day, not much, just that the spammer reaches more people.

Re:specious defillibrator

[MrBugSentry]

Or the third possibility that spam is more like MLM: There is no money in spam, just in selling spam tools and spam lists to suckers who think they can make money off spamming people.

Who cares about the email body?

[Spacejock]

My client-side email app does filtering on the header only. It also applies a few tests to the sender name and email. (Reads each header off the server, checks it out, rates it spam, not spam, or unsure.)
I get phenomenal accuracy without looking at the body, and it's quicker too.