On Fri, Mar 07, 2003 at 06:54:08PM -0500, David F. Skoll wrote:
> I use the following algorithm in CanIt. It is by no means perfect,
> but it's pretty good:
> ...
> - Skip a line starting "Dear "
> ...
> - Do a SHA1 hash on what's left.
This won't work.
A significant amount of the spam I receive differs slightly
for every recipient. E.g. many mails contain the recipient's
name, even in lines not starting with "Dear". And several
mails ask me to visit a web page whose URL contains a
hash of the recipient's e-mail address, in order to verify that e-mail
address and whether the recipient is willing to read such messages.
Just that special URL is enough to break your method.
Once your system gets widely deployed, spammers will start to
include other random content. Especially in spam messages with
HTML content it is extremely easy to hide some invisible
information. Even in plain mail, that's easy. Just print a
random number anywhere. If it should look neat, just have
something like "Welcome to the porn club, your member number is ####"
I've already received some messages assigning me some silly member
numbers. Maybe these numbers were supposed to spoil any hash
based spam protection.
Since you have to publish the details of your hash algorithm in
order to deploy it, it's extremely easy for spammers to design
their message such that every single message has a different hash
value.
And it is an information leak:
Let's assume a central server is sending standard messages with
some kind of secret, e.g.
Dear David,
welcome to this whatever-service, your password is
12345
or something like
Dear David,
your current account balance is
123.45
I can register to the same service to get the skeleton of the
message. If I know that you have received a message from the
same IP address with a given hash value, I can easily perform
an exhaustive search through the secret's space to find your
secret.
Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg