ietf-asrg

RE: [Asrg] How to defeat spam that uses encryption?

2003-03-31 10:41:18


-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On Behalf Of Vernon Schryver
Sent: Monday, March 31, 2003 11:55 AM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] How to defeat spam that uses encryption?


From: Jason Hihn <jhihn(_at_)paytimepayroll(_dot_)com>

If I were a spammer (I am not) I'd start encrypting messages to throw off
content filtering. Public keys are easily obtainable and are readily
associated with good email addresses.

Many spammers encode their efforts as quoted-printable, base64,
or even both (never mind the MIME RFCs and MUA behavior).  However,
the stuff must still be decoded or decrypted at zillions of targets
or spamming is wasted effort.  If it can be decoded to show to a human,
then it can first be decoded for a filter.

The difference here is that a scheme that I describe exists as JavaScript
code until render time. The observation here to make is that render time is
AFTER decode time. Base64, MIME, and ROT13 can be done using compiled code
already in the client, so it can filter after that is done. By throwing it
into JavaScript, it's not rendered until shown.

As others have said, this is a never ending cycle.  The 6 years I've
been running content analyzing filters have convinced me that the
advantage lies with the defense.  Technically, I think it should be
easier to evade filters.  I've never built a filter that wouldn't be
easier to evade than to operate.  Spammers are always slow and behind.
Why?

They are lazy and reactive as we are: they only want to do a minimum amount
of work to keep doing their thing. We react, and they have to react to our
reaction. Coming up with the perfect method of spam would only shorten their
lives, as a perfect method would draw 100% of the spammers, and therefore
100% of anti-spammers attempting to kill it off. It's much better for them
to play this cat-and-mouse game.

We could implement a complete anti-spam infrastructure that would take all
the method and motive out of spamming, but this list has proven to me that
we'll never take that step because admins are lazy.

I came up with (what I thought was) the most important piece of a system to
ending spam and I got baulked at. It was not hard to implement, but no one
seemed to think it important.

(It was a mail protocol negotiation proxy, so the internet could use
multiple mail protocols, each protocol can easily be replaced, or upgraded.
If the preferred supposed spam-unfriendly protocol was not used, there would
be some 'penalty' (delay, filtering, tar proxy) imposed. This would allow
protocols to compete, with the bonus of weakening spam techniques, because
hopefully, the same technique won't work on all protocols.)



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
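
An added example, not part of the original thread: a filter that undoes the MIME transfer encodings discussed above (base64, quoted-printable) before matching, and separately flags HTML parts whose content is produced by script at render time, which a decode-only filter cannot see. The sample message, the `BLOCKLIST` rule and the finding labels are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKLIST = re.compile(r"cheap pills", re.I)   # hypothetical content rule
SCRIPT_TAG = re.compile(r"<script\b", re.I)    # marks render-time content


def build_sample() -> bytes:
    """Constructed message: one base64 HTML part, one script-driven HTML part."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("<html><body>Buy cheap pills now!</body></html>",
                    subtype="html", cte="base64")
    msg.add_alternative(
        "<html><body><script>document.write(render())</script></body></html>",
        subtype="html", cte="quoted-printable")
    return msg.as_bytes()


def scan(raw: bytes):
    """Return (transfer-encoding, finding) pairs for each text part."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and non-text parts
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        body = part.get_content()  # decodes base64 / quoted-printable + charset
        if BLOCKLIST.search(body):
            findings.append((cte, "content-match"))
        # Script output does not exist until render time, so the text rule
        # above cannot match it; report the part so policy can decide.
        if part.get_content_subtype() == "html" and SCRIPT_TAG.search(body):
            findings.append((cte, "script-deferred-content"))
    return findings


if __name__ == "__main__":
    raw = build_sample()
    print("match on raw bytes:", bool(BLOCKLIST.search(raw.decode("ascii"))))
    for finding in scan(raw):
        print(finding)
```
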