ietf-asrg

Re: [Asrg] How to defeat spam that uses encryption?

2003-03-31 09:56:19
From: Jason Hihn <jhihn(_at_)paytimepayroll(_dot_)com>

If I were a spammer (I am not) I'd start encrypting messages to throw off
content filtering. Public keys are easily obtainable and are readily
associated with good email addresses.

Many spammers encode their efforts as quoted-printable, base64,
or even both (never mind the MIME RFCs and MUA behavior).  However,
the stuff must still be decoded or decrypted at zillions of targets
or spamming is wasted effort.  If it can be decoded to show to a human,
then it can first be decoded for a filter.


Also, but not quite as complex:
A few years ago, I 'invented*' a way to encode a whole web page as a long
string. This string is a variable in JavaScript. When it's opened, a
function is applied to the string where its decoded contents are written to
the browser. Imagine a simple ROT13 decoder. What's more is Bayesian
filtering would fail because the spammer can invent pads, and ROT bases,
thereby inventing new 'words' in the dictionary all the time.

Just a thought of what's to come...
...

That's all old hat.
The anti-spam counter is to apply the insight that wrecks most content
management schemes.  That insight is that it must be made intelligible
to humans, and that which is intelligible to humans can be recorded
and analyzed.  Some current spam filters spend more or less effort
rendering the HTML/JavaScript/whatever before filtering.

The counter to that is to send spam that is harder to analyze.  For
example, last year some stock-fraud spam was purely graphical, such
as URLs of pictures of text.
The counter to that is for filters to recognize naughty URLs.

And so forth.

As others have said, this is a never ending cycle.  The 6 years I've
been running content analyzing filters have convinced me that the
advantage lies with the defense.  Technically, I think it should be
easier to evade filters.  I've never built a filter that wouldn't be
easier to evade than to operate.  Spammers are always slow and behind.
Why?


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
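
The point made in the message above, that anything decodable for a human can first be decoded for a filter, is shown here as an added example; it is not code from the thread or from any filter its participants ran. It covers only the "quoted-printable, base64, or even both" case, and the sample message, its addresses and the function names are constructed for illustration.

```python
import base64
import binascii
import quopri
import re
from email import message_from_bytes, policy

B64_BODY = re.compile(rb"^[A-Za-z0-9+/\s]+={0,2}\s*$")

def peel_base64(data: bytes, max_layers: int = 3) -> bytes:
    """Undo base64 layers left over after the declared transfer encoding."""
    for _ in range(max_layers):
        compact = b"".join(data.split())
        if len(compact) < 16 or len(compact) % 4 or not B64_BODY.match(data):
            break
        try:
            decoded = base64.b64decode(compact, validate=True)
        except (binascii.Error, ValueError):
            break
        # Accept the layer only if it decodes to printable text.
        if any(b < 9 or b > 126 for b in decoded):
            break
        data = decoded
    return data

def filter_view(raw: bytes) -> str:
    """Return the text a reader would see, which is what the filter scans."""
    msg = message_from_bytes(raw, policy=policy.default)
    texts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""  # declared QP or base64
        texts.append(peel_base64(body).decode("utf-8", errors="replace"))
    return "\n".join(texts)

def build_sample() -> bytes:
    """Constructed message: base64 text wrapped in quoted-printable."""
    hidden = b"Buy cheap pills now at http://example.invalid/offers"
    layered = quopri.encodestring(base64.encodebytes(hidden))
    return (b"From: sender@example.invalid\r\nSubject: hello\r\n"
            b"MIME-Version: 1.0\r\nContent-Type: text/plain\r\n"
            b"Content-Transfer-Encoding: quoted-printable\r\n\r\n" + layered)

if __name__ == "__main__":
    raw = build_sample()
    print(b"cheap pills" in raw, "cheap pills" in filter_view(raw))
```

The layer cap and the printable-text check keep the decoder from looping on hostile input or from mangling ordinary text that merely happens to look like base64.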