You could strip all withespace and non-alphabet characters from the text, giving you AIUNTSOUXRXAXNXCXE A partial string analysis against any dictionary (let's say the threshold should be 3 chars at least) would not yeald any valid word. Add a thousand points to the spam counter :) Or you could do a letter frequency analysis (well, at least as long the X are present). It's a good thing to do anyway if you want to get around exessive html tagging like <td>S</td><td>P</td><td>A</td><td>M</td> Mark > -----Original Message----- > From: cismic [mailto:cismic@xxxxxxx] > Posted At: Tuesday, October 28, 2003 10:21 PM > Posted To: www.isaserver.org > Conversation: [isalist] Re: OT: Criminal Spammers > Subject: [isalist] Re: OT: Criminal Spammers > > > http://www.ISAserver.org > > I think I should publish all the little tricks that I see them using. > A - - - I > U - - - N > T - - - S > O - - - U > X - - - R > X - - - A > X - - - N > X - - - C > X - - - E > This is one of the latest methods that I've discovered. Very hard to > black this type of crap > Anyone got any ideas? > > Joseph > > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Tuesday, October 28, 2003 12:42 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: OT: Criminal Spammers > > > http://www.ISAserver.org > > Yep; got a whole collection of it. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "cismic" <cismic@xxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, October 28, 2003 12:29 > Subject: [isalist] Re: OT: Criminal Spammers > > > http://www.ISAserver.org > > Hi All, > > Do any of you actually save spam? I do since I find it interesting to > see how cleaver folks are when they add filtering crap all around the > click here to go there link's. Some of the new spam kind of > reminds me > of the old ascii art. > > Joseph > > -----Original Message----- > From: Brian Drought [mailto:brian@xxxxxxxxxxxx] > Sent: Tuesday, October 28, 2003 12:03 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: OT: Criminal Spammers > > > http://www.ISAserver.org > > Spencer, > I'm looking for valid words, so it'd look for "Pum.ps" in the SQL > table, not find it and increment the duff word counter. ... > but... I do > like your thinking. I've seen some spam which is along the > lines of 'Or > your money back!!!!'. Excess of punctuation could make the code think > it's a big more spammy (I'm trying to make it so it'll look at lots of > different things and evaluate it that way). > > One thing I've noticed aswell, is some spam has subject lines like: > > "Get pills > jniihiodz jjojod" > > So I could look for a excess of whitespace aswell...... > > Keep the ideas coming folks :-) > > Bri > > ----- > Something I have seen recently is the overuse of punctuation in > sentences! > > For Example (no points for guessing the subject to the spam!) > N.o Pum.ps > - No S.urgery - No E.xercises *_100%_Money_Back_G.uarante.e This seems > to be acceptable to GFI. > > I don't know whether there's a way of counting the punctuation/letters > ratio and tagging them this way. > > ...Spence > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com No.1 > Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ > Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > cismic@xxxxxxx To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com No.1 > Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ > Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe send a blank email to > $subst('Email.Unsub') > > > ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* > > All mail from this domain is virus-scanned with RAV. > www.ravantivirus.com > > ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com No.1 > Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ > Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > cismic@xxxxxxx To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: isaserver@xxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') >