[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Mar 2004 ]

Re: [edlug] Garbage at end of spam emails

To: Steve Kemp <edlug@xxx.xxx.xxx>, edlug <edlug@xxx.xxx.xxx>
Subject: Re: [edlug] Garbage at end of spam emails
From: Andrew Ramage <nrsc16850@xxx.xxx.xxx>
Date: Tue, 30 Mar 2004 21:49:26 +0100
In-reply-to: <20040330195153.GA25998@xxx.xxx.xxx>
List-post: <mailto:edlug@xxx.xxx.xxx>
List-subscribe: <mailto:edlug-request@xxx.xxx.xxx>
List-unsubscribe: <mailto:edlug-request@xxx.xxx.xxx>
References: <200403301841.49607.stuartpettie@xxx.xxx.xxxblueyonder.co.uk> <20040330191513.GA6297@xxx.xxx.xxxibalba.demon.co.uk> <20040330195153.GA25998@xxx.xxx.xxxsteve.org.uk>
Sender: owner-edlug@xxx.xxx.xxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

I have had spam with headers like "Your order from Amazon.com is ready djbcb[o'siag" - they are really hard to spot since most title columns are too narrow to show the garbage at the end.

Steve Kemp wrote:

On Tue, Mar 30, 2004 at 08:15:13PM +0100, Justin B Rye wrote:

Stuart Pettie wrote:

Just wondering if anyone can shed light on what function the random words, usally attached at the end of spam emails provides.

Nobody I know has been able to explain it, and it has got us guessing.

What, no replies yet? Or has spamassassin nobbled them all?

I always assumed the random (and therefore non-spam-related) words were there to drown out the giveaways like "certificate of deposit" or "prescription viagra" in various kinds of statistical filter.
 I think they serve two purposes, one which Justin mentioned is to
throw off statistical analysis.
 The second purpose is more subtle, I believe the random words
and the random strings strings appended to an emails subject
are designed to make "identical" messages hash differently.
 There are some anti-spam systems which work by hashing message
bodies, either identically or fuzzily.  If a mail matches a
known bad hash then it can be discarded.  The variations are
designed to subvert this process.
(For reference this is how razor/pyzor work).
Steve
--
-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html


--
I am Amnesia of Borg.  Resistance is Futile. Prepare to be ... errr ....
thingy ...

-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html

Follow-Ups:
- Re: [edlug] Garbage at end of spam emails
  - From: Justin B Rye

References:
- [edlug] Garbage at end of spam emails
  - From: Stuart Pettie
- Re: [edlug] Garbage at end of spam emails
  - From: Justin B Rye
- Re: [edlug] Garbage at end of spam emails
  - From: Steve Kemp

Prev by Date: Re: [edlug] still problems with UML and networking
Next by Date: RE: [edlug] Killer Questions for Microsoft
Previous by thread: Re: [edlug] Garbage at end of spam emails
Next by thread: Re: [edlug] Garbage at end of spam emails
Index(es):
- Main
- Thread

Morpheux

This archive is kept by wibble@morpheux.org.DONTSPAMME

homepage