-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org
[mailto:asrg-admin(_at_)ietf(_dot_)org]On Behalf Of Jim
Youll
Sent: Monday, March 31, 2003 12:35 PM
To: David F. Skoll; asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] How to defeat spam that uses encryption?
At 12:25 -0500 3/31/03, David F. Skoll wrote:
> From: Jason Hihn <jhihn(_at_)paytimepayroll(_dot_)com>
To: Asrg <asrg(_at_)ietf(_dot_)org>
Subject: [Asrg] How to defeat spam that uses encryption?
If I were a spammer (I am not) I'd start encrypting messages
to throw off
content filtering. Public keys are easily obtainable and are readily
associated with good email addresses.
Well, if you were a spammer and you did that, you'd soon be out of
business. I would estimate that fewer than one in 100 e-mail users
use PGP or GnuPG at all, and even fewer than that have a public key.
So you'd drastically limit your audience.
In fact, widespread use of GPG-style encryption could help defeat
spammers. If most people only accepted encrypted messages (except
from whitelisted mailing lists and such), it would become very
expensive to spam. (Yes, I know this will never happen -- don't
bother replying.)
It was only an example. But I do wonder.. any encrypted PGP or GnuPG message
would have higher social credibility for me...
But imagine this in a message:
--- start---
[javascript]
$cypher_text="dsfjhsjdfhsdfjksdhfskjfhsd.."
function decrypt(key, cypher_text){
/* do description */
document.writeln($plain_text)
}
[/javascript]
[body onload=decrypt("aasc", $cypher_text)]
--- finish ---
Now all your filters, Bayesian or not, will only work on the actual text
seen between start and finish. No filtering will be done of the "message" -
what the user sees. Furthermore, variable and function names are infinitely
variable, and what is not variable is standard html/js stuff and has
significant legit use.
-J
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg