Having recently started collecting a spam and ham mbox to teach the baysian spam filter I am planning to install (havent decided which one to use yet). I was intrested to recieve a spam which appears to be using counter tactics, using html comments. Observe the wiley spammer:
* Incre<!--dns-->ase ener<!---->gy and card<!---->iac output<br> * Turn bac<!--dns-->k your body's biol<!---->ogical time cl<!---->ock 10-20 years<br> in 6 months of usage !!!<br><br>
You are receiving this email as a subscr<!--catlover-->iber<br> to the Opt<!--catlover-->-In Ameri<!---->ca Mailin<!---->g Lis<!---->t.
To remo<!--dogsbark-->ve your<!---->self from all related mailli<!--me-->sts,<br>just reply with off.
the contents of the comments are obviously inserted into high scoring spam words and contain random non spam words, clearly in this case catlover and dogsbark (2 strings inserted as comments) are not found in many spam wordlists, this accomplishes 2 things, it reduces the number of high scoring words and increases the number of low scoring words - pretty devious - obviously the spammers who live at genemarketmanager.com read slashdot.
Looks like the arms race has begun!
---Arrrg - I cant seem to post the whole spam without triggering slashdots Lameness filters, reason too many junk characters, Ive posted the full message at:
http://www.gamma.net.nz/spam.txt
Note Ive changed the email address but the user is dns hence all the <!--dns--> tags
Slashdot Mirror
Having recently started collecting a spam and ham mbox to teach the baysian spam filter I am planning to install (havent decided which one to use yet). I was intrested to recieve a spam which appears to be using counter tactics, using html comments. Observe the wiley spammer:
* Incre<!--dns-->ase ener<!---->gy and card<!---->iac output<br>
* Turn bac<!--dns-->k your body's biol<!---->ogical time cl<!---->ock 10-20 years<br>
in 6 months of usage !!!<br><br>
You are receiving this email as a subscr<!--catlover-->iber<br>
to the Opt<!--catlover-->-In Ameri<!---->ca Mailin<!---->g Lis<!---->t.
To remo<!--dogsbark-->ve your<!---->self from all related mailli<!--me-->sts,<br>just reply
with off.
the contents of the comments are obviously inserted into high scoring spam words and contain random non spam words, clearly in this case catlover and dogsbark (2 strings inserted as comments) are not found in many spam wordlists, this accomplishes 2 things, it reduces the number of high scoring words and increases the number of low scoring words - pretty devious - obviously the spammers who live at genemarketmanager.com read slashdot.
Looks like the arms race has begun!
---Arrrg - I cant seem to post the whole spam without triggering slashdots Lameness filters, reason too many junk characters, Ive posted the full message at:
http://www.gamma.net.nz/spam.txt
Note Ive changed the email address but the user is dns hence all the <!--dns--> tags