[mswindowsxp] Message Filters

  • From: Jim Betz <jimbetz@xxxxxxxxxxx>
  • To: mswindowsxp@xxxxxxxxxxxxx
  • Date: Fri, 12 Dec 2003 10:28:33 -0800

  Although slightly (?) off topic this is a topic of concern
to all of us and does have a "system-O/S" implication ...

  Are any of you out there using "weird strings" as a method of
filtering spam?  I use email filters to eliminate spam.  So 
here is my idea:

    A lot (most?) of the spammers use really scrambled letter
  combinations in the subject, body and sender fields of the
  spam they are sending out.  I have always considered this
  to be a way of foiling my filters - for instance if the
  body of the message is spelled 0xym0r0n (zeroes instead of
  "o"s) then a filter for oxymoron won't work.
    So if you are using spam filters you are probably screening
  for v1agra (a "one" instead of an "i").  Well, the spammers
  have started to put extremely scrambled letter combinations
  in their emails.
    So, I'm thinking, maybe there are some combinations of 
  letters than I can use to filter that wouldn't hit the stuff
  I want and would also foil this approach.  For instance, let's
  say you get an email like I did this morning that has the
  following text in it:

     czobkqoep wcdqvmpe qnftahqxaqg ivmcaapfg zvbewxdhs zxsaxzoxpg 
     zvpthbqfzdv jyfiomgvats vtjbgutw ypmttbmmks qucbgbne fczeqzqlb 
     tgwbbkould gpitqavveaj ljsyafqhgcmi szfgzefltj rmvuaao bcixdarp 
     doltalntpip lcfpermtfyuz vdceyjddyxgt lrmoipgv stqgpgk ameaitnaus 
     megvgwr

    Now I certainly wouldn't recommend creating a filter for all of
  these relatively long combinations.  But it occurs to me that there
  are many short combinations of 3 or 4 letters in this that never
  occur in the English language and, quite probably, not in any
  language.  Examples are "qnft", "zvbe", "zxsa" ... etc.  Perhaps
  using 3 letter combinations wouldn't work - but there ought to be
  lots of 4 letter combinations that you could just filter out
  automatically and not worry about.
    And, it seems to me that it might even be possible to develop a
  set of filters based upon this approach that would affect a LOT 
  of the spam that uses this approach - because it might not take
  very many such filters to affect almost all of these!

  So my question to this group is:  "Is anyone out there doing 
this and what are your experiences with its effectiveness and/or
usefulness?"







==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/winxplist.cfm

Other related posts: