ietf-asrg
[Top] [All Lists]

Re: [Asrg] DCC and IP checksums

2003-03-10 10:23:58
On Mon, 10 Mar 2003, Hadmut Danisch wrote:

Reading some of the spams I receive I found that many of them seem
to be sent with the very same software and address list. There are
billions of spam, but only a few spamming tools. All it takes is just
a simple software upgrade to the next version of the tools to defeat
that hash method.

Right; it's an arms race.  The ways to fight back are:

1) Change your hash method every so often, as recommended on
http://www.rhyolite.com/anti-spam/dcc/

"The fuzzy checksum will need to be changed as spam evolves"

2) Don't all use the same checksum.  As Vernon wrote, you can use
multiple checksum methods making it more painful to defeat them all.

Eventually, you could probably detect efforts at defeating checksums
with other, non-checksum rules.  This might involve grammar-checking
filters that look for anomalous content, or even filters with deeper
understanding that can detect non-sequiturs.  It's not easy, I grant
you.

SpamAssassin's local tests are at heart pretty simple -- they
(more-or-less) just look for regular expressions in the text.  But
they remain very effective, and their effectiveness doesn't drop off
very rapidly with time.

Once spammers learn how to do it, all spammers will
know how to do it. There is not significant number of "low-hanging
fruit".

My experience tells me otherwise.  Dozens of CanIt customers and thousands
of MIMEDefang/SpamAssassin users still find the old, simple methods quite
effective.

I also reject the notion that my domain is only 3 years behind
striker.  Our domains (we have about 10) average a total of around 20
spams a day.  If our spam volume tripled each year, it would still
take us almost 9 years to reach striker levels.  In the mean time,
filtering works pretty well, and I hope that within 9 years, this
group will have found a better solution.  :-)

--
David.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>