[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Mar 2004 ]

Re: [edlug] Garbage at end of spam emails



On Tue, Mar 30, 2004 at 08:15:13PM +0100, Justin B Rye wrote:
> 
> Stuart Pettie wrote:
> > Just wondering if anyone can shed light on what function the random words, 
> > usally attached at the end of spam emails provides.
> > 
> > Nobody I know has been able to explain it, and it has got us guessing.
> 
> What, no replies yet?  Or has spamassassin nobbled them all?
> 
> I always assumed the random (and therefore non-spam-related) words
> were there to drown out the giveaways like "certificate of deposit"
> or "prescription viagra" in various kinds of statistical filter.

  I think they serve two purposes, one which Justin mentioned is to
 throw off statistical analysis.

  The second purpose is more subtle, I believe the random words
 and the random strings strings appended to an emails subject
 are designed to make "identical" messages hash differently.

  There are some anti-spam systems which work by hashing message
 bodies, either identically or fuzzily.  If a mail matches a
 known bad hash then it can be discarded.  The variations are
 designed to subvert this process.

  (For reference this is how razor/pyzor work).

Steve
--
-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html



This archive is kept by wibble@morpheux.org.DONTSPAMME
homepage