17.086 anti-spam

From: Humanist Discussion Group (by way of Willard McCarty willard.mccarty@kcl.ac.uk)
Date: Sat Jun 14 2003 - 03:51:09 EDT

  • Next message: Humanist Discussion Group (by way of Willard McCarty

                    Humanist Discussion Group, Vol. 17, No. 86.
           Centre for Computing in the Humanities, King's College London
                         Submit to: humanist@princeton.edu

       [1] From: Vika Zafrin <vika@wordsend.org> (16)
             Subject: Re: 17.079 anti-spamming software

       [2] From: Willard McCarty <willard.mccarty@kcl.ac.uk> (51)
             Subject: the irony of spam

             Date: Sat, 14 Jun 2003 08:46:04 +0100
             From: Vika Zafrin <vika@wordsend.org>
             Subject: Re: 17.079 anti-spamming software

    Jessica P. Hekman writes:

    >The downside is that some people find confirmation messages annoying. I
    >sympathize with this, but TMDA is still the best answer to spam I've seen

    For what it's worth, every time I've gotten a confirmation message, its
    text said something to the extent of "sorry, I know this is a nuisance, but
    once you've replied, you'll be added to the whitelist and won't get any
    more of these." I don't know whether these people were using TMDA, or
    indeed whether TMDA has such a feature, but just to clarify - it is
    minimally intrusive, and doesn't make sender confirm every message they
    send to a person.



    --[2]------------------------------------------------------------------ Date: Sat, 14 Jun 2003 08:47:45 +0100 From: Willard McCarty <willard.mccarty@kcl.ac.uk> Subject: the irony of spam

    This in response to Humanist 17.79 on the "whitelist" approach to control of spam. I agree that the odd confirmation message is hardly a chore, but I do wonder about the impact of a whitelist design on people who get massive amounts of e-mail. My average is about 315 messages/day.

    SpamAssassin appears to be working very well for me. So far in ca 2 weeks of using it, spam has been reduced by at least 90% and no message I have wanted to read has been wrongly classified. I can certainly live with the 10% while the mechanism for filtering is improved. It will be interesting to see if spammers continue to learn from the techniques used against them. Here, for example, is a typical analysis of a spamming message:

    >Content analysis details: (11.60 points, 5 required) >NO_REAL_NAME (0.7 points) From: does not include a real name >FROM_ENDS_IN_NUMS (0.7 points) From: ends in numbers >HEADER_8BITS (1.2 points) Headers include 3 consecutive 8-bit >characters >INVALID_DATE (0.6 points) Invalid Date: header (not RFC 2822) >ONLY_COST (0.0 points) BODY: Only $$$ >EXCUSE_10 (0.0 points) BODY: "if you do not wish to receive any >more" >HTML_30_40 (0.8 points) BODY: Message is 30% to 40% HTML >HTML_FONT_COLOR_RED (0.1 points) BODY: HTML font color is red >HTML_MESSAGE (0.0 points) BODY: HTML included in message >HTML_FONT_COLOR_BLUE (0.1 points) BODY: HTML font color is blue >MAILTO_LINK (0.0 points) BODY: Includes a URL link to send an email >MIME_HTML_NO_CHARSET (0.0 points) RAW: Message text in HTML without >specified charset >BASE64_ENC_TEXT (1.7 points) RAW: Message text disguised using base-64 >encoding >WEIRD_PORT (0.0 points) URI: Uses non-standard port number for HTTP >MAILTO_TO_SPAM_ADDR (0.4 points) URI: Includes a link to a likely spammer >email address >MSG_ID_ADDED_BY_MTA_3 (0.3 points) 'Message-Id' was added by a relay (3) >DATE_IN_FUTURE_03_06 (0.9 points) Date: is 3 to 6 hours after Received: date >FORGED_MUA_OUTLOOK (3.3 points) Forged mail pretending to be from MS Outlook >MIME_HTML_ONLY (0.1 points) Message only has text/html MIME parts >MANY_EXCLAMATIONS (0.8 points) Subject has many exclamations >MIME_BOUND_NEXTPART (0.4 points) Spam tool pattern in MIME boundary >AWL (-0.5 points) AWL: Auto-whitelist adjustment

    The above testifies to a rather crude message that leaves itself open to rather obvious identification as spam. But I wonder if in the push to get messages by such tests as the above and the countermeasures devised against them we don't learn something useful about language. Look on the bright side? Develop a better sense of irony? Warfare has always driven technological progress; apparently the online porn industry is responsible in part for ever better bandwidth. Could spamming yield breakthroughs in text-analysis?

    Yours, W

    Dr Willard McCarty | Senior Lecturer | Centre for Computing in the Humanities | King's College London | Strand | London WC2R 2LS || +44 (0)20 7848-2784 fax: -2980 || willard.mccarty@kcl.ac.uk www.kcl.ac.uk/humanities/cch/wlm/

    This archive was generated by hypermail 2b30 : Sat Jun 14 2003 - 03:55:32 EDT