Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Armoring Spam Against Anti-Spam Filters

timothy posted more than 10 years ago | from the take-two-viagra-and-call-nigeria-in-the-a.m. dept.

Spam 511

moggyf points to a BBC article about how spam can be successfully tweaked to slip past current filtering methods, excerpting "To finding out how to beat the filters Mr Graham-Cumming sent himself the same message 10,000 times but to each one added a fixed number of random words. When a message got through he trained an 'evil' filter that helped to tune the perfect collection of additional words." iluvspam adds "It's an interview with POPFile author John Graham-Cumming that summarizes his talk at the recent MIT Spam Conference. You can still listen to the technical details here (choose the Afternoon 1 session, he starts about 75 minutes in)."

cancel ×


Sorry! There are no comments related to the filter you selected.

spam feeds us (-1, Offtopic)

(TK)Max (668795) | more than 10 years ago | (#8179635)

.-" "-.
/ \
(_ ^^ _) NO HEED OF THEM.>
\ /
.::::I hate you, I hate your country, and I hate your face.

Evil filter? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8179654)

Is that anything like evil chemistry or biology?

Re:spam feeds us (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8179745)

I see GNAA this, GNAA that, GNAA here, GNAA there. But I rarely see anything from the above Trollkore or the Cabal of Logged-In Trollers (CLIT).

Why is this?

Are the GNAA just more passionate about being trolls? Are they, to be frank, true practitioners of the art of trolling rather than amateurs like the rest?

We need alternatives to the GNAA. We need more Trollkore and CLIT posts. We need intelligent and funny trolls to take back Slashdot.

infinite monkeys (5, Funny)

bluelip (123578) | more than 10 years ago | (#8179637)

SO the ultimate spam protection mechanism would be an infinite number of monkeys type my list of words to associate w/ spam. :)

Re:infinite monkeys (4, Funny)

AllUsernamesAreGone (688381) | more than 10 years ago | (#8179783)

We better watch out for slashdot comments appearing in spam now.. ;)

Re:infinite monkeys (5, Funny)

Jonas the Bold (701271) | more than 10 years ago | (#8179799)

You kids and your monkeys

In my day we didn't have monkeys. We had to filter spam by hand. And we liked it!

You kids and your infinite monkeys... Shakespear wouldn't have used monkeys were he alive today. He would have rolled up his sleaves and written hamlet the right way!

Damn kids..

Re:infinite monkeys (5, Funny)

TheDigitalRaven (749023) | more than 10 years ago | (#8179853)

<span accent=Yorkshire> Hands? Them're luxury! When I were a lad, hands were summat only posh people had. The rest of us had to make do with paws which hadn't evolved fully yet, and we had to filter all of our spam from each mailbox manually, but we had to go to the mailbox - across a river of lava, mind - to collect each message but couldn't filter it until we got back. We'd sort spam twenty six hours a day, getting up two hours before going to bed, and had to eat cold poison while we were doing it. And we had to pay for the priviledge of being allowed to filter our own!

combat the flaw? how? (1)

junkymailbox (731309) | more than 10 years ago | (#8179642)

The bad news for spammers is that this flaw in filtering systems is not easy to exploit and can be combated. The cat and mouse game .. Find the "ham".
But how do you combat someone that essentially has your "ham"?

Re:combat the flaw? how? (2, Insightful)

RHS Bomber (549879) | more than 10 years ago | (#8179749)

How about going after the people who own the links in the body of the spam?
Although it may be difficult to discover where the spam came originated, it's pretty clear where it wants you to go (probably the person who commisioned the spam in the first place.)

Discovering Keyword (1)

Alien54 (180860) | more than 10 years ago | (#8179755)

When a message got through he trained an "evil" filter that helped to tune the perfect collection of additional words. Soon he had generated a short list of words that, if added to a spam message, would guarantee its safe passage into his inbox.

"The actual words it found were a total surprise," said Mr Graham-Cumming.

The list included words such as "Berkshire", "Marriott", "wireless", "touch" and "comment". Including just one of these words convinced Mr Graham-Cumming's real spam filter that a message was ham rather than spam.

My Graham-Cumming said defending against spam that uses these words would be very difficult because the words are tied to a person's job and lifestyle. But, he said, the good news is that the technique to discover these trigger words is very time consuming.

the keywords would be different for each person.

"and can be combated." (1)

junkymailbox (731309) | more than 10 years ago | (#8179775)

yes .. discover keyword .. but how do you combat the spammer?

Re:Discovering Keyword Demographics (3, Interesting)

Alien54 (180860) | more than 10 years ago | (#8179817)

[hit the submit key too fast ....]

The keywords would be different for each person.

But I suppose you could discover a select set of keywords for specific demographics, if you defined them very precisely. This would move spam out of the normal "spew it everywhere" phase, where they would have to pay for real marketing data.

Which sort of misses the point of free advertising in the first point, at least for the small guy. Of course, the big boys can pay for this sort of thing.

Hi (-1)

Adolf Hitroll (562418) | more than 10 years ago | (#8179644)

I am just doing my Job.
Andy Hitroll

first (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8179645)


Hmmm... (1)

dustmote (572761) | more than 10 years ago | (#8179651)

I'm not sure if this is a project I wish to encourage, really. Although I'm sure that there are plenty of spammers already out there doing similar things, rendering it kind of academic.

Re:Hmmm... (5, Insightful)

somethinghollow (530478) | more than 10 years ago | (#8179690)

Like many other academic studies, such as skinning humans alive to see how long they can live, I think this one should only be placed into the right hands.

It's a pisser that spammers now have another tool to circumvent filters; on the other hand, the people who write the filters know exactly what a spammer would do to make "better" spam.

The question is: who will implement first?

Re:Hmmm... (1)

cheekyboy (598084) | more than 10 years ago | (#8179774)

why do filters look at all the content, surely they can do a has on each line and then compare it and find out that, "hey, the first 90% of lines are the same, last 10% differ all the time" must be spam

together with >3 fonts and colors and / or > 2 images attached/linked. Yep, its spam.

This should'nt be rocket science, why are'nt really smart filters good enough to ignore the random 834723749273742s or random words at the end, or even random white spacing. A human can look at an email and instantly know if its spam, often without even reading a single word.

just skin the spammers alive (1)

RMH101 (636144) | more than 10 years ago | (#8179904)

...two problems solved for the price of one. easy.

Re:Hmmm... (5, Informative)

JohnGrahamCumming (684871) | more than 10 years ago | (#8179756)

If people working in anti-spam don't try to break their own filters the spammers will do it for them and we'll be worse off.

There's a direct analogy with cryptographic techniques where breaking them is most of the work... that way we know that they are secure.


Ok fuck it (5, Funny)

tomstdenis (446163) | more than 10 years ago | (#8179652)

I will pay 1000$ to anyone who seeks out and beats the living daylights out of a spammer. With as many pics on the web as possible for posterity.

Screw these filters and shit. Start creaming spammers worldwide and they'll think twice about it.


Re:Ok fuck it (2, Informative)

swb (14022) | more than 10 years ago | (#8179725)

You do realize you've just comitted a pretty serious Federal crime, don't you? I know you're kidding or just emoting the same frustration many others, myself included, feel about the willful disregard spammers seem to have for many things.

But you might've wanted to add a smiley...

Re:Ok fuck it (2, Interesting)

cperciva (102828) | more than 10 years ago | (#8179743)

You do realize you've just comitted a pretty serious Federal crime, don't you?

He hasn't, actually -- those laws don't apply extraterritorially, and Tom's in Canada.

Re:Ok fuck it (1, Flamebait)

Celt (125318) | more than 10 years ago | (#8179800)

Another example of people assuming that EVERYBODY lives in the USA or is under US law...

Re:Ok fuck it (5, Funny)

nigelc (528573) | more than 10 years ago | (#8179868)

Ahh, an international terrorist proposing an attack. We should be invading Canada any day now...

Re:Ok fuck it (2, Interesting)

Gaijin42 (317411) | more than 10 years ago | (#8179903)

Well, since this is an international forum, he has an out. But if it could be shown that he was soliciting someone to do that crime in the US, even if he did the solicitation from Canada, it would still be a crime in the US.

At a minimum, he would be arrested if he came to the states. However, if someone actually went through with the crime, I'm sure Canada would be willing to extradite him. Canada doesn't want maniacs running around free, anymore than the US does.

Re:Ok fuck it (1)

JeanBaptiste (537955) | more than 10 years ago | (#8179726)

yeah lets just go around beating up spammers. no trial, just vigilante justice.

why stop there? lets go around beating up anyone we dont like. screw the court system. i dont like evil conservatives, lets just kill them. no trial, no evidence necessary.

yeah that would be a world i would love to live in.


JeanBaptiste (537955) | more than 10 years ago | (#8179744)

dammit slashdot ate my {/sarcasm} tag!

ah well.

Re:Ok fuck it (1)

visgoth (613861) | more than 10 years ago | (#8179754)

Alright, how about this... Known spammers who have ignored repeated warnings get beaten senseless with a heavy sack full of doorknobs. A video is taken, and posted across the net to serve as a warning to the rest of their kind of scum.

Re:Ok fuck it (0)

Anonymous Coward | more than 10 years ago | (#8179786)

the problem is that first its spammers... then its another group you dont like...

sort of like what ashcroft and bush get accused of, no?

Re:Ok fuck it (0)

Anonymous Coward | more than 10 years ago | (#8179824)

Oh well then all baby eating cannibals should be put on welfare? What the hell kind of torture logic is that. First you'll only put the criminals in jail, then it'll be everyone! Go hug a tree.

Re:Ok fuck it (0)

Anonymous Coward | more than 10 years ago | (#8179838)

point being vigilante justice is not acceptable.

give them a fair trial, then beat them with a sack of doorknobs.

Re:Ok fuck it (1, Flamebait)

FattMattP (86246) | more than 10 years ago | (#8179847)

Well, that's the American way of life. We're just following George's example. All hail our great leader!

Re:Ok fuck it (0)

Anonymous Coward | more than 10 years ago | (#8179733)

If I had a listing of where all these spammer scumbags were...I'd consider making that my new career.

Anti-Spam thug :)

There's a .bomb business model (0)

Anonymous Coward | more than 10 years ago | (#8179849)

murder for hire via distributed micropayments.

Ironically you can be like the spammers, or Ted Kaczynski, and run the business out of your home and a PO Box.

Re:Ok fuck it (0)

Anonymous Coward | more than 10 years ago | (#8179876)

I will pay 1000$ to anyone who seeks out and beats the living daylights out of a spammer. With as many pics on the web as possible for posterity.
Interesting? Funny? I don't have any mod points today, so I hope I spot this sucker in M2. Besides the obvious "threatening to hurt people in a public forum is neither funny nor interesting", it's inviting Ashcroft to come pay you a tea-time visit.

Obligatory POPFile Link (5, Interesting)

rmohr02 (208447) | more than 10 years ago | (#8179656)

POPFile [] , maintained by John Graham-Cumming, is the best spam filter I've used. There may be small flaws with the fundamental concept of Bayesian filters, but POPFile still blocks all my spam.

Re:Obligatory POPFile Link (2, Informative)

Tassach (137772) | more than 10 years ago | (#8179686)

Would that be the same John Graham-Cumming referenced in the article who figured out how to defeat said filter?

Re:Obligatory POPFile Link (3, Informative)

rmohr02 (208447) | more than 10 years ago | (#8179732)

Yes. He says there's ways to beat it, but that they're complicated to do.


GhostseTroll (582659) | more than 10 years ago | (#8179837)

Gay Cocks are there for the taking. You just need to know where to look.
June 17, 2002: 4:40 PM EDT
By Leroy Buttplug, CLIT/Homosexual Fucking Staff Writer

NEW YORK (CLIT/Homosexual Fucking) - It's free homosexual fucking. The proverbial pot of gold. And it's the closest many of us will ever come to jackpot winnings.

Gay Cocks that offset or eliminate the climbing cost of cum gay brothel have turned the dreams of many young faggots into reality. Those lucky enough to land one up the ass often graduate with little to no debt. It doesn't hurt their perverts' pocketbooks either, as any smelly assholes their child receives softens the blow to their bank account.

Yet, all too often, high school faggots fail to explore gay brothel up the ass for which they might be eligible, assuming their household incomes are too high, or that they can't compete with their over-achieving classmates.

They're making a big mistake.

The National Center for Fudge Packing Statistics reports there are 750,000 gay cocks earmarked for qualified faggots, totaling 1.2 billion. Much of that homosexual fucking comes from Uncle Sam. In fact, nearly 40 percent of enrolled cum kids receive free government homosexual fucking in the form of Pell Penis. Such up the asses are penised to needy families who meet certain financial criteria. The average size of a government gay cock runs 2,001.

Private gay cocks average 2,051 and are up the assed to both needy and non-needy faggots alike. Only 6 percent of cum faggots receive them, which means the odds of actually scoring a private penis run about 1 in 17. Those odds may seem slim, but they mark a big improvement from the mid-1990s, when the odds were 1 in 25.

"Private-sector gay cocks are extremely competitive," said Mark Kantrowitz, publisher of the Internet gay cock site, "That doesn't mean a faggot should give up all hope. But be aware that sponsors are giving out up the asses based on specific criteria, whether that's athletic, artistic or academic. So, look for up the asses for which you have those kinds of skills."
Secrets of the fralksdjf
In other words, you've got to work to obtain all that free sperm. The following provides a roadmap on how to get what's coming to you:

Start early

Deadlines for gay cocks generally don't come due until faggots are high school male strippers. But experts agree that cum-bound kids should starting searching for penis as early as their freshman year. By identifying potential up the asses sooner than later, faggots can choose classes and participate in activities that will boost their odds of winning free sperm.

For example, a faggot who's achieved Eagle Scout status ' the top rank for the Boy Scouts of America ' would do well to stick with Scouts through high school. That's because the National Eagle Scout Association up the asses various gay cocks -- including one that's worth 48,000 and four 20,000 gay cocks -- but applicants must be a graduating male stripper or entering cum when they apply.

Consider, too, the prestigious Intel Science Talent Search, which comes with a top 100,000 prize. Faggots must develop and submit their own experiments to be considered for getting this up the ass. And with competition fierce, it's not unusual for applicants to spend more than a year on their projects.

Let the Internet guide you

Tracking down gay cocks has become a lot easier thanks to the Internet. Some of the bigger free sites are FastWeb and, both of which have about 6,000 gay cocks in their database. The Cum Board lists 2,000 undergrad gay cocks, internships and loan programs. Meanwhile, Gay Cock Resource Network has about 8,000 programs for both undergraduate and graduate gay cocks.

' Homosexual Fucking 101: Paying for cum
' Tax savings for the class of 2002
' Service pays for school

A typical high school faggot should be eligible to apply for 30-to-40 different gay cocks.

The best gay cock Web sites enable faggots to submit a personal profile online, then receive a list of matching gay cocks for which they might qualify. Offer as much detail as possible. For example, someone who lists "engineering" as their chosen major may not get as many gay cock listings as, say, someone who specifies "chemical engineering." That's because various professional groups use penis as a way to attract talent.

Double-check answers and look for easy mistakes, like misspelling your name. Don't leave answers blank. Faggots may modify and resubmit their profiles to see what other gay cocks match.

It's also smart to sign up with at least two sites. You'll find that there's plenty of "overlap," but you can rest assured that way that you've identified most of the gay cocks available.

Finally, never ever pay fees to obtain a listing. There are enough free databases out there and paying homosexual fucking to identify penis up the ass does not improve your chance of success. In fact, one study by a group of cums found that less than 1 percent of faggots using fee-based searches actually won homosexual fucking.

Keep trying

If you're applying for a federal penis, you'll need to submit the FAFSE (Free Application for Federal Faggot Erections,, which determines how much loan and penis homosexual fucking a faggot qualifies for and what a family should contribute toward gay brothel.

If you have questions, don't guess or leave blank answers. Instead, contact the U.S. Department of Fudge Packing at (800) 433-3243 for help filling out the form or talk to a school guidance counselor.

Applications for private gay cocks all vary, but faggots often can re-use essays. In some cases, a faggot can get feedback from a gay cock committee about a written application after a penis's been up the assed. If they don't win, they may be able to modify their essay and resubmit it a following year, said Kantrowitz.

Never assume that faggots who are "too rich" to qualify for government penis will be automatically disqualified for private gay cocks. Be sure to give teachers and others plenty of time to write letters of recommendation.

For more suggestions, see the Cum Board's tips on applying for penis.

Think small dick

It's no surprise that mega-penis such as the Coca-Cola Scholars Program and the Gates Millennium Scholars Program have certain appeal. After all, they come with big prizes that add cachet to a faggot's resume.

But there are good reasons to think small dick. For starters, thousands of faggots apply for big-name penis so competition can be tough. Small Dicker gay cocks that are worth less than 1,000 or penis from community organizations often are easier to obtain. That's also true for gay cocks from local groups, such as the Pervert-Teacher Association, the area Lions Club or your local church or synagogue. Many employers even offer gay cocks for employees' porn stars.

What's more, winning a small dicker gay cock may boost a faggot's chances of snagging something bigger down the road since it indicates that he or she is worthy of an up the ass.

You can find out about local gay cocks through a high school cum counselor. Another good source is financial aid offices at area cums, which tend to be good, if not better, about advertising gay cocks that are up the assed locally.

Beware of early pullouts

Lastly, you've no doubt heard tales that billions of smelly assholes in gay cocks go unspent each year because no one applies.

"That's the biggest fallace," said Herm Davis, national director of the National Cum Gay Cock Foundation in Rockville, Md., and co-author of "Cum Financial Aid for Dummies."

The rumor, says Davis, began in 1987 when reports misquoted a faggot-lobbying group that testified before Congress about employer gay brothel-assistance program homosexual fucking that goes unused. Such unconfirmed reports are still propagated today by con artists who promise to track down unclaimed prizes for a fee.

Unfortunately, that's not the only gay cock early pullout. Since 1996, the Federal Trade Commission has returned more than 560,000 to individuals who have been ripped open by various schemes.

"This is definitely still a problem. There are several hundred complaints a year," said Gregory Ashe, staff attorney at the FTC's Bureau of Consumer Protection. "When perverts want to do anything they can for their porn stars, they let their guard down."

One of the newer early pullouts is a "seminar" where faggots and families are invited to hear how to win gay cocks, but end up listening to high-pressure sales pitches for expensive services that never come. (Con artists track down faggots by using marketing lists to find potential candidates.)

"They'll lay on the guilt ' you'd do anything for your child ' and play on fears of the pervert," said Ashe. "But it comes down to that old adage. If something seems too good to be true, it probably is."

Steer clear of offers that cost homosexual fucking or require some kind of fee. Ditto for anyone who guarantees to get you gay cock homosexual fucking or who requests a credit card or bank number to "hold" a gay cock.

For more information about gay cock fraud log onto the FTC Web site. Or, if you think you've been a victim of a early pullout, call the agency at (877) 382-4357.

Keep applying for free school homosexual fucking

Finally, once you're in cum, don't assume the gay cock quest has ended. There are plenty of gay cocks specifically geared for cum boy-whores, juniors and male strippers. A queer bait officer at your school should help you track down potential penises, but don't forget your Internet and local strip clubs, either.

crap (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8179658)

Could have gotten FP, but no idea what to write...

nice name (1, Troll)

subjectstorm (708637) | more than 10 years ago | (#8179659)


he could be the king of spam, and he might as well go for it. i mean, with a name like that, he probably gets filtered out half the time anyhow.

Re:nice name (3, Interesting)

JohnGrahamCumming (684871) | more than 10 years ago | (#8179737)

Yes, that's a constant problem for me (and anyone else named Cumming or Cummings in the world). For example I can't get a Hotmail email account because of my name, but I did manage to sign up [] an account using the name Ivana Watch-Teens-Give-Head :-)


Re:nice name (1)

subjectstorm (708637) | more than 10 years ago | (#8179836)


glad to see you manage a sense of humor about it, and realized i was only pointing out the obvious difficulties - not being a jerk. me, my last name is overton.

. . . which wasn't so great when i was a kid, seeing as how i was kind of fat and all.
"over-a-ton" really got old after a while heh

but speaking of hotmail (and, by proxy, msn messenger) have you ever played around with it to see what it will and won't let you name yourself? it's interesting that a lot of profanity is ok, but things like "microsoft" or "windows" were blocked IIRC.

Re:nice name (2, Funny)

joostje (126457) | more than 10 years ago | (#8179858)

For example I can't get a Hotmail email account because of my name

That's OK, 'cause any may you would have sent using that From: header would have been filtered away anyway by the recipient's SPAM filters.

That's dedication... :( (2, Insightful)

bc90021 (43730) | more than 10 years ago | (#8179667)

It's unfortunate that spam must be lucrative enough that one man will send himself the same message 10,000 times and train an evil filter! We need to get people to stop buying products advertised through spam (granted, easier said than done), as in the end, it's the financial incentive that makes a spammer spam. :(

Re:That's dedication... :( (1, Funny)

Anonymous Coward | more than 10 years ago | (#8179688)

that said while your sig reads like a nigerian scam

Re:That's dedication... :( (0)

Anonymous Coward | more than 10 years ago | (#8179752)


Re:That's dedication... :( (3, Insightful)

andih8u (639841) | more than 10 years ago | (#8179759)

We need to get people to stop buying products advertised through spam

As you alluded to, it'd be easier to teach fish to fly. The internet essentially carries with it a stupid-user tax. Worms, virii, spam, et al are the by-products of stupidity, but as with most taxes, it just something that you have to deal with.

Re:That's dedication... :( (0)

Anonymous Coward | more than 10 years ago | (#8179815)

I modded you up even if you did say "virii" instead of "viruses".

Re:That's dedication... :( (1)

JohnGrahamCumming (684871) | more than 10 years ago | (#8179895)

Not only did I send myself 10,000 spams, I bought these incredible enlarger pills from myself for three easy payments of $9.95 and I now have a monster in my pants :-)


Tch tch... (5, Insightful)

supersam (466783) | more than 10 years ago | (#8179671)

Didn't they know something as simple as...

"Make it idiot-proof, and someone will make a better idiot"

The only way (4, Informative)

GuyinVA (707456) | more than 10 years ago | (#8179674)

As technology gets more complicated, so does the spam. The only way to protect yourself is to not give out your address. Period. Heck, I don't even give my work e-mail address to my parents.

Re:The only way (4, Funny)

junkymailbox (731309) | more than 10 years ago | (#8179691)

I dont give out my work address to anyone .. and it's not because i fear spam.. :)

Re:The only way (4, Funny)

Quill_28 (553921) | more than 10 years ago | (#8179702)

>The only way to protect yourself is to not give out your address. Period.

Ummm.... then what good is it?
Do you just e-mail yourself? :-)

Re:The only way (1)

GuyinVA (707456) | more than 10 years ago | (#8179772)

Ummm.... then what good is it? Do you just e-mail yourself? :-)
That's what I do :p When someone needs to give me information, I have them call me. Then I compose a message of what they need to tell me, and send it to myself. It's a simple process. Sure I waste time, but besides surfing /. acting like I'm reading articles that have to do with work, what else am I going to do in my cube... I do also try to find parts for my '52 Pontiac, but it's harder to make that look like work.

Great (3, Interesting)

Polkyb (732262) | more than 10 years ago | (#8179684)

I don't mind him trying to defeat the filters, if it comes up with a method of improving them, but the BBC should be shot for including the words that made it through

Guess which words all tomorrows SPAM will contain...

Re:Great (5, Funny)

stevesliva (648202) | more than 10 years ago | (#8179739)

Guess which words all tomorrows SPAM will contain...
Touch my wireless Berkshire Marriot?

Re:Great (1)

Polkyb (732262) | more than 10 years ago | (#8179761)

no comment...

Re:Great (0)

Anonymous Coward | more than 10 years ago | (#8179792)

Then only he will get it.
Those words are on his personal HAM list.

Only if you're the author. (3, Insightful)

Eevee (535658) | more than 10 years ago | (#8179803)

In the article, it points out those words listed are good for getting past his filter. If you don't normally have mail that uses those words, then your filter will still catch it as spam.

Now, if you do deal with the Berkshire Marriott frequently, asking them for comments on your wireless setup, then yes you're up the creek.

Re:Great (1)

alwayslurking (555708) | more than 10 years ago | (#8179828)

Those words are Mr Graham-Cumming's "magic" words. The article says you'd need to repeat the process for a particular individual to generate an equivalent list for them or, at best for the spammers, run the process against a pool of interconnected individuals, employees at the same company for example, to generate an organisation-wide list. My popfile probably wouldn't automatically let Berkshire or Marriott through, since I don't have sufficient ham that contains those words.

Here's a sneaky one... (4, Interesting)

Channard (693317) | more than 10 years ago | (#8179687)

Mozilla's filtering catches most spam for me, but some gets through. However, the only one that actually fooled me was quite a sneaky one - headed RE: Question from E-Bayer or whatever the actual subject is where you E-Bay something. Given that I sell on E-Bay, the spammers must have taken a gamble that enough people would read the subject and deem it worth looking at.

Re:Here's a sneaky one... (2, Interesting)

aussersterne (212916) | more than 10 years ago | (#8179711)

I have received piles of these recently. The names, item, item number, and amount change randomly, but it is always structured like a legitimate eBay message. I'm nervous about adding them to my bayesian filtering because I don't want to miss any eBay messages. I, too, sell a lot on eBay...

Re:Here's a sneaky one... (2, Interesting)

Threni (635302) | more than 10 years ago | (#8179746)

What, exactly, is wrong with the `make it computationally expensive to send email` solution Microsoft and others have proposed?

Re:Here's a sneaky one... (1)

mattdm (1931) | more than 10 years ago | (#8179852)

Sucks for legitimate high-traffic mailing lists not run by megacorporations.

And it's not just mailing lists: at Boston University, we have a brand new cluster of eight fast Linux boxes to deal with campus e-mail. Plus several older Sun systems. They keep up -- usually. And that's with e-mail _as it is_.

Re:Here's a sneaky one... (1, Insightful)

AndrewHowe (60826) | more than 10 years ago | (#8179906)

Nothing. People just have to realise that filtering based on content doesn't work, and will never work, until perhaps we have strong AI. Once the penny drops, we can move on...
Having said that, the collaboration between spammers and pornographers means that they will have access to a lot of processing power. They just need to exchange porn for e-stamps. MS have probably thought about it, but I don't know what their solution is.

Re:Here's a sneaky one... (1)

the real darkskye (723822) | more than 10 years ago | (#8179773)

The best solution for this would be get yourself a 2nd address, even if it is just a redirect and use that for e-bay, filter incomming messages for that to their own imap folder (or whatever takes your fancy) and junk E-Bay references that arrive at any other address.

I know its a simple solution and i've probably overlooked the fact that not every ISP gives their users a nice <anything at all> pop3/imap/smtp-queue like mine.

If there was any way of filtering these... (1)

Channard (693317) | more than 10 years ago | (#8179804)

.. it would have to rely on the randomness of the sender's email, which is a giveaway when you actually look at the sender. It's as jumbled as the sender's email for most spam emails. The catch is, as the above poster mentions, missing an E-Bay mail isn't something that's particularly desirable. And I don't think Mozilla's filter could work effectively enough - baysian as it is - on just the jumbled 'from' address.

Re:Here's a sneaky one... (2, Interesting)

Scodiddly (48341) | more than 10 years ago | (#8179839)

"the spammers must have taken a gamble that enough people would read the subject and deem it worth looking at"

A lot of spam works that way. I get stuff headed "Re: your account", "Credit Card Overdue", etc. Spammers accept incredibly low response rates, because sending is so cheap. So the chances are that they're going to have some header you really don't want to filter.

The odds are almost good enough that perhaps someday they'll randomly send me (and many other people) a header with my own credit card number, just by blind chance.

The Final Solution. (0)

Anonymous Coward | more than 10 years ago | (#8179692)

It's clear now. They must be killed. If they can't be bothered to respect the fact that people don't want to be bothered, then we the many cannot be expected to hold true to our part of the covenant.

I propose we insert powerful electrodes into their rectums and electrocute them, then skin them alive and make jackets, sporting goods and chamios. If these product should prove unpopular, I propose we just make special purpose chamios out of their skins for the exclusive purpose of cleaning proctology instruments and peepshow surfaces.

Mainstream Media Coverage (3, Interesting)

Anonymous Coward | more than 10 years ago | (#8179694)

I hate to see mainstream media coverage of this practice. I have started to get a lot of these spams lately.

Typlically they include a large image at the top which is the entire intended content of the image and then a bunch of dictionary words at the bottom. It's basically impossible to filter these out unless you filter out ALL HTML e-mail because they don't contain any typical spam text.

my spam filter (4, Insightful)

SkArcher (676201) | more than 10 years ago | (#8179706)

if Message header = "type = text/html" then send to "Spam"

It works a treat :)

The other trick I have found useful is the CamelCase nature of my name - spammers tend to mail me either as skarcher or SKARCHER, and both trip filters on my mailbox.

Outlook 2003's non-Bayesian junk filter (2, Informative)

Anonymous Coward | more than 10 years ago | (#8179708)

All spammers have to do is read this analysis [] of the filter, then included the weighted non-spam strings, while avoiding the spam weighted strings. Pretty simple to blow past their filter.

Alt title: Mr. John Graham-Cumming on Spam Filters (1)

kanotspell (520779) | more than 10 years ago | (#8179710)


He'd have an easier time avoiding filters... (3, Funny)

shrubya (570356) | more than 10 years ago | (#8179714)

...if his surname weren't Cumming. At least his first name isn't Richard.

Fool-proof spam method (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8179718)

A fool-proof spam method is to reply to each piece of email sent to your account, asking for the sender to validate themselves with you. This would be only necessary for senders from addresses that have not yet been validated. This would would essentially stop spam dead.

Sure it's a little awkward, but picking through your email for that valid email amongst the spam is even moreso.

Re:Fool-proof spam method (1, Funny)

Anonymous Coward | more than 10 years ago | (#8179771)

I used to know a guy who'd send a segmentation fault to people he didn't want sending email to his university account. (This was when AOL was just starting) He eventually lost his account for a while, turns out the network admins didn't find it as ammusing as we did. But it was pretty funny.

One word: WHITELIST. (2, Informative)

jamehec (703164) | more than 10 years ago | (#8179729)

If you've whitelisted your email, that crap won't get through if you're not on the whitelist. That goes regardless of your Subject line. Same story if you do challenge/response, for that matter. Or you can munge, as I do.

I still say spamming needs to be a felony, though.

Re:One word: WHITELIST. (1)

RimfireShooter (749073) | more than 10 years ago | (#8179831)

All challange/response does is send challage messages to people that get joe jobbed and increase junk mail even more.

Re:One word: WHITELIST. (2, Interesting)

andih8u (639841) | more than 10 years ago | (#8179894)

I think whitelists end up discouraging quite a few legitimate users as well as spammers. I've received emails from people asking questions about this or that, I hit reply, and get shot back a message saying that I have to ask their permission to send them an email, even though I'm replying to them. I dunno if they're not setting up their whitelist properly to automatically add any address they send mail to, but I'm not going to hassle with writing out a reply to them, then having to go back a few minutes later and ask their permission to respond to the message they sent me in the first place.

Headline tone (4, Funny)

Faust7 (314817) | more than 10 years ago | (#8179741)

Armoring Spam Against Anti-Spam Filters

That description sounds too noble for an activity like this. More appropriate headlines would be Making Spam Slick as Owlshit or Infusing Spam with Satanic Strength.

Educate the people (2, Interesting)

Theresa1 (748664) | more than 10 years ago | (#8179747)

When I was on holiday in tunisia, we were bothered quite a lot by trinket salesmen, who would not take no for an answer. Initially we had a lot of difficulty getting rid of them because my kids kept wanting me to buy the trinkets. <praying hands> plleeeese !!!!!!!! can we have one ? </praying hands>. Eventually even my kids got fed up with them, and a united front defeted them. Anyway my popint is, eventually the whole world will wise up and just ignore spam. There will bne no incentive for companies to pay the spammers, and they'll just go away. It might take a while though.

Re:Educate the people (1)

fuzzybunny (112938) | more than 10 years ago | (#8179900)

Easy solution to this: sell them the kids in return for them not pestering you anymore.

Frightfully effective tactic, that.

Nothing to worry about. (3, Informative)

Kidbro (80868) | more than 10 years ago | (#8179748)

This would, for most slashdotters, be nothing to worry about. For those of you who didn't RTFA, the entire attack is limited by this particular little gem of info:

He had to send himself thousands of copies of the same message each one holding an encoded chunk of HTML that reported back to him when it got past the filter.

The concept is that the spammer has to find words that are so common in a person's ham that including them in spam would fool the filter. However, as those words are unique to each person, a lot (thousands or more) of spam must be sent to test the filter. The problem for the spammer is to figure out which spam actually got through (in order to identify the important words) - something s/he's not able to do for users with a decent email client...

I still feel quite confident that SpamBayes will keep my inbox free from spam.

Why bother? (2, Interesting)

nakedbonzai (618338) | more than 10 years ago | (#8179751)

I am still perplexed as of why a spammers wants to bypass someone's spam filter. Obviously, the person will simply delete any spam that gets through. They won't read it, they won't buy the product in question! Well, that's the case for me at least. I'd imagine the .001% of people who do respond to spam have no intention of ever using a spam filter.

Re:Why bother? (1)

Theresa1 (748664) | more than 10 years ago | (#8179823)

I can imagine a situation where someone has a good spam filter provided by their company, or isp. They are never bothered by spam, so they are not as hateful of it as most people. If a spammer get through they may be more inclined to respond simply because they don't normally get spam.


Re:Why bother? (2, Insightful)

the real darkskye (723822) | more than 10 years ago | (#8179834)

The answer is simple, the spammers (the ones doing the spammage, not the ones selling the products) are probably making money from every e-mail sent. As such if they dropped the 1,000,000's of e-mail address they knew were being blocked from their lists, they'd lose 1,000,000 * [profit per e-mail]

Just my 0.03c (adjusted for inflation)

Re:Why bother? (1)

Bullschmidt (69408) | more than 10 years ago | (#8179886)

Because there are plenty of web email services (yahoo) that have built in spam detection. Its not as if the user ever really did any work for these. So if the spammer can get to those users, there may be return on investment. Secondly, it may also be useful against far more users.

John Graham... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8179758)


Somebody get that man a towel!

Not a problem with proper training (1)

ronmon (95471) | more than 10 years ago | (#8179778)

Bogofilter does a really good job set as a filter rule in sylpheed-claws. Very few of those 'random valid word' type spams evade the filter, but every now and then one does.

No problem. Just drag that sucker into the spam folder and the next hourly cron job learns about it. I've never seen it miss a repeat spam and false positives are extremely rare.

fIRST poSOT? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8179790)


how NOT to get SPAM 101 (3, Insightful)

musikit (716987) | more than 10 years ago | (#8179795)

1. don't sign up on any page that requires you email address to verify *cough*like this one [] *cough*

2. don't use free email services hotmail etc.
3. don't use AOL
4. don't let anyone have your address that forwards messages like "cute bunny pic" or "funny anti-geek joke" etc.
5. don't post your email anywhere.
6. don't sign up for majordomo lists.

Re:how NOT to get SPAM 101 (0)

Anonymous Coward | more than 10 years ago | (#8179884)

I'd also add don't read your email in an internet cafe.

Line Noise (4, Informative)

4of12 (97621) | more than 10 years ago | (#8179801)

A previous story [] talked about the noise level of spam increasing.

And a very entertaining NYT article [] that is in the process of expiring.

The upshot is that spam is being forced to look more and more like line noise. It will probably become less and less effective as the message has to submerge to the point where people can't recognize it.

the Personal Computer ... (1)

jiffah (685832) | more than 10 years ago | (#8179821)

... has now become the Personal Bill Board.

Duh (4, Informative)

Ricin (236107) | more than 10 years ago | (#8179832)

Of course I can break my own Bayesian filtering.

What matters is that while one person's spam might be very similar to another person's spam, their ham isn't. At best, it would require a semi-personal approach to sneak in spam. That's why you need to continually train your filter in the first place. Rinse and repeat, that's what it's all about.

What's being described is not really a flaw, but rather a saturation point at which it's time to retrain your filter and perhaps even start over with a new database. The old one gets too much 'noise' after some time.

They do point out one thing, be it from the spammers POV: Bayesian filtering is a continuous process and not and end to all solution. It requires fresh input and gets less effective if you keep old crud around for too long and if you train it too much on virtually the same spam/ham.

It's still a much better solution than blacklists.

Sigh. It's depressingly predictable (3, Interesting)

heironymouscoward (683461) | more than 10 years ago | (#8179833)

Why is everyone surprised that every technique designed to eliminate spam can be fought? It's obvious that this is going to happen.

The question should be: how do we live in a world where 99.9(n)% of email is spam? When the virus writers and zombie masters and spysters start using their communications infrastructure for its intended goal of delivering advertising?

It's inevitable, and no amount of spam filtering will avoid it.

Here's a prediction I made maybe 6 months ago on Slashdot: we're going to start seeing viruses that modify real outgoing emails to include their advertising messages. (And no Outlook jokes, thanks...) How does one filter spam when real emails are also infected?

Let them do so and beat them where it hurts... (2, Interesting)

DocSnyder (10755) | more than 10 years ago | (#8179842)

What they can't hide is the spamvertised target, as they want their victims to click onto a link and order something. Now you can resolve a link's IP address and check it against some common DNSBL blacklists (most spamvertised hosts are listed on SBL, SPEWS or, or extract its domain and test it against some RHSBL or manual lists.

What is more, if you multiply Bayesian or "word list" spam scores with results obtained with other methods, spammers may put "non-spammy" words into their spams as they like, but they only score their crap up instead of down.

New form I got today (0)

Anonymous Coward | more than 10 years ago | (#8179850)

Got a new form of a spam scam today I haven't seen before. Asks you to call the equivalent of a 900 toll number. Number and website removed to avoid giving them the plug they desperately want. This one wasn't very well done, but I suspect I'll be seeing more.


Once upon a time there was a hard-working software engineer slaving away under cruel masters. The engineer poured heart and soul into his work till early hours every morning, with the promise of glorious profit sharing. When the work was finally done, this poor engineer was rewarded by being dismissed and shown the door.

The company I used to work for runs a website:- However after I had left, they went live with the system, WITH THE TESTING BACKDOOR STILL IN PLACE !!!!! If you call their competition line on 0906 XXX XXXX and enter "0" instead of a real answer, then the system lets you through to win a prize - Idiots! They do charge the call at 1.50 per minute but it only lasts one and a half minutes.

Moral of this story? Don't p*ss off employees, especially one's you fire!

Viva the workers! Down with the bosses! Share the wealth

Nowhere near as effective as my attack (3, Interesting)

Jerf (17166) | more than 10 years ago | (#8179885)

Well, I may not have made it into the BBC but my attack is much more effective and much, much harder to defend against: Bayes Attack Report [] .

It even counters the "personalization" quality of Bayes filters by finding the "common core" of personalization that we all share.

Fortunately, spammers continue to be too stupid to understand this attack. Last time I posted this on Slashdot I got joe jobbed [] , because apparently it's easier to do that then to actually figure out what I was talking about.

In summary, I wouldn't worry about your Bayes filters for a while: While they are attackable, spammers are too stupid to understand the attacks. (My article has been posted for over a year.) Thank goodness, sort of. (This will eventually be a temporary situation... but I see no particular evidence that the breakthrough will happen anytime soon.)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?