Topic: How smart are spamming tools?

Donny Hinson
From: Glen Burnie, Md. U.S.A.
Posted 30 Nov 2006 2:20 pm
Yes, the ones the spammers use to deluge us with junk mail. Recently, I got a load of e-mail with the subject "______ wrote". Okay, after about a week of that garbage, I add "wrote" to my e-mail filter, so any e-mail with "wrote" in the subject line gets auto-deleted. Next day, I get a new batch (seemingly from the same senders) with "hi it's ______" in the subject line. Okay, I add "hi it's" to my mail filter to block them, and the next day I get the same thing with "hello i'm _______" in the subject line.
It almost looks like they can tell what my filter is set up to block!? Do spamming programs have an algorithm that changes subject lines if the mail is rejected?

Dave Potter
From: Texas
Posted 30 Nov 2006 5:00 pm
Quote:
so any e-mail with "wrote" in the subject line gets auto-deleted..{snip}..It almost looks like they can tell what my filter is set up to block!? Do spamming programs have an algorithm that changes subject lines if the mail is rejected?
IMO, in your scenario, the spam wasn't "rejected"; you (your filter) simply deleted it. The distinction is that once you receive it, whether you keep or delete it, there's nothing sent back to the sender that could be used for the purpose you suggest.
Even if a spam email is rejected based on an invalid "to" address, and an "undeliverable" response were auto-generated, I doubt the spammers (or their "tools") could react, based on the sheer numbers involved.
If someone knows this isn't the case, please feel free to post.
BTW, I'm getting those same spams. I've mentioned here lately that I've been playing around with a free spam filtering application called POPFile (derivation is that it works with any POP email account, and "files" emails based on user specifications). I've only had it installed a few days now, but it's nailing all those "____wrote", "Hi, it's ____", and "Hello, I'm ____" spams - they're going in the Trash. It's even catching the junk "stock tips" that have the text buried in a graphic.
It's still in its "learning" mode and has called some legit messages "spam" too, so it's too early to conclude anything.
[This message was edited by Dave Potter on 01 December 2006 at 02:34 AM.]

Jeff Agnew
From: Dallas, TX
Posted 1 Dec 2006 5:52 am
Quote:
...there's nothing sent back to the sender that could be used for the purpose you suggest.
Exactly so. Your mail server (from whom you POP your mail) has already accepted it. An e-mail is considered delivered when your provider's server accepts it, not when you download it.
Quote:
I doubt the spammers (or their "tools") could react, based on the sheer numbers involved.
The real issue is that the Reply-To address has been forged by the spammer so they never even receive the bounce. Which itself then bounces. Some poorly configured mail servers will then attempt to deliver the "bounced" bounce message back to the admin at your mail server. So now that single piece of spam has generated three messages. Multiply that by billions sent daily and you begin to see the scope of the problem. I've got powerful tools on my mail server and some of these double bounces still get through.
Donny, spammers simply change the subject headings frequently to foil simple word-matching filters. Your best bet is a program that uses Bayesian filtering, of which POPFile is one of the best. And it's free.

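Added example, not part of any post in this thread and not POPFile's code: a toy comparison of the subject word-matching filter described in the first post with a small naive Bayes classifier that scores subject and body words together. The messages are constructed, and all names (keyword_filter, spam_probability, TRAIN, NEW_SPAM, NEW_HAM) are assumptions for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample mail: (subject, body, label). Not real messages.
TRAIN = [
    ("Karen wrote", "hot stock tip buy shares now before price jumps", "spam"),
    ("hi it's Linda", "stock alert buy shares today huge price target", "spam"),
    ("Tom wrote", "cheap pills online order now no prescription", "spam"),
    ("gig on Saturday", "can you bring the amp and the volume pedal", "ham"),
    ("Bob wrote back about the amp", "he says the price is fine, call him today", "ham"),
    ("string order", "your order of pedal steel strings shipped today", "ham"),
]
BLOCKED_WORDS = ["wrote", "hi it's"]  # hand-maintained subject filter from the first post

def keyword_filter(subject):
    """Word matching on the subject line only; True means auto-delete."""
    return any(w in subject.lower() for w in BLOCKED_WORDS)

def tokens(subject, body):
    return re.findall(r"[a-z']+", (subject + " " + body).lower())

def train(messages):
    counts = {"spam": Counter(), "ham": Counter()}
    docs = Counter()
    for subject, body, label in messages:
        counts[label].update(tokens(subject, body))
        docs[label] += 1
    return counts, docs

def spam_probability(model, subject, body):
    """Naive Bayes with add-one smoothing; returns P(spam | words)."""
    counts, docs = model
    vocab = len(set(counts["spam"]) | set(counts["ham"]))
    log_p = {}
    for label in ("spam", "ham"):
        total = sum(counts[label].values())
        lp = math.log(docs[label] / sum(docs.values()))
        for t in tokens(subject, body):
            lp += math.log((counts[label][t] + 1) / (total + vocab))
        log_p[label] = lp
    return 1 / (1 + math.exp(log_p["ham"] - log_p["spam"]))

MODEL = train(TRAIN)
NEW_SPAM = ("hello i'm Susan", "stock tip buy shares now price target")
NEW_HAM = ("Dave wrote about the gig", "bring the pedal steel on Saturday")
```

On this data the keyword filter passes NEW_SPAM (new subject wording) and deletes NEW_HAM (a legitimate subject containing "wrote"), while the Bayesian score separates the two on the body words that did not change.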
Jack Stoner
From: Kansas City, MO
Posted 1 Dec 2006 6:19 am
I use the "filtering" in ZoneAlarm Pro. Any message that does not have an e-mail address that is in my address book is automatically sent to the Anti-Spam folder in my Outlook 2003. I can then look at them and see if there is anything legitimate that I want or want to "allow". The rest I delete. Can't get much simpler.

Dave Potter
From: Texas
Posted 1 Dec 2006 11:03 am
Quote:
The real issue is that the Reply-To address has been forged by the spammer so they never even receive the bounce.
It's worse than that most of the time. Not only is that header fake, but usually, so is the originating IP address, domain name, just about all of it. So, not only is it impossible to send anything back to them, it's equally impossible to use WhoIs or similar to trace them.
Many spam filters have the capability to block domains, blacklist senders, all those kinds of things, but they're mostly useless, since spammers spoof all that stuff, and change it with every new spam. That's why I decided to give Bayesian filtering a go.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 1 Dec 2006 2:32 pm
MailWasher Pro has a Bayesian filter and learns quickly. Additionally, it has checkboxes to teach the learning filter how you classify a message, in case it gets it wrong.
I created my own custom rules to block image spam for stocks and after a few days the Bayesian filter learned to identify them as well. However, my rules delete these spam messages automatically, so I don't get to see if the learning filter is still flagging them, but I'm sure it is.
Most of the current crop of spam messages I get are sent from compromised home computers that have been drafted into botnets. I have actually seen a computer that was zombified and read the email scripts that were used upon command to send spam runs from it.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
[This message was edited by Wiz Feinberg on 01 December 2006 at 02:33 PM.]