ietf-asrg

RE: [Asrg] How to defeat spam that uses encryption?

2003-03-31 13:02:39
From: "David F. Skoll" <dfs(_at_)roaringpenguin(_dot_)com>
To: Jason Hihn <jhihn(_at_)paytimepayroll(_dot_)com>

...
[javascript]
$cypher_text="dsfjhsjdfhsdfjksdhfskjfhsd.."
function decrypt(key, cypher_text){
...

That is fascinating.  I read my mail with Pine.

Other, more common MUAs are either configured by default to ignore
javascript in mail or can be easily set to ignore scripts (e.g. Netscape 7).
(I use BSD `mail`, which is even older and less common than Pine.)

Turning off scripts in mail seems like an obvious precaution for anyone
using a Microsoft operating system.


Now all your filters, Bayesian or not, will only work on the actual text
seen between start and finish.

No, that is wrong.  A filter can decode the SMTP body exactly as it
will be decoded by the MUA.  If the MUA can decode the message enough
to present it to the user, then so can the filter.  The filter and
the MUA can share common code to do the decoding.  If the filter cannot
decode the message, then neither can the MUA.  There is no magic.
Computer programs are deterministic.  They do the same thing given
the same input.  They do not care if a human or some other program is
looking at their outputs.

Again, as I said before, it is now fairly common for spam body filters
to do at least rudimentary HTML decoding, so that they base their filter
decisions on something close to what the user will see.  It turns out
to be fairly easy to decode a lot of HTML, which is why the leading
edge of spam has stopped using <!--HTML comments--> and switched to
URLs pointing to the content.

This sort of HTML and script decoding can be done as part of the processing
of the SMTP DATA command so that an appropriate SMTP status code can be
given.  This sort of thing is the purpose of sendmail milter filters.  I
don't know of any sendmail milters that decode (i.e. execute) Javascript,
but there is no technical reason preventing it.  Common SMTP client
timeouts are long enough to let an SMTP filter follow links in HTML
messages and use whatever they produce to affect filtering.


...
If spammers start abusing this, then we'll have the happy result that
more people will start filtering out HTML mail, and we'll go back to
plain-text e-mail. :-)

Which would be a good thing.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
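
The decoding step described in the message above, as an added example that is not part of the original thread: a filter front end that undoes the MIME transfer encoding and the HTML markup before tokenizing, so the filter scores what the reader would see. All names and the sample message are constructed for illustration; script bodies are discarded rather than executed, which matches an MUA set to ignore scripts.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class VisibleText(HTMLParser):
    """Keep only text a rendering MUA shows; comments and script/style bodies are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # &#116; becomes "t" before tokenizing
        self.parts, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)  # handle_comment is a no-op, so comments vanish

def visible_text(raw: bytes) -> str:
    """Undo MIME transfer encoding and HTML markup the same way the MUA would."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            out.append(part.get_content())
        elif ctype == "text/html":
            p = VisibleText()
            p.feed(part.get_content())
            p.close()
            out.append("".join(p.parts))  # no separator: "mort<!--x-->gage" rejoins
    return " ".join(" ".join(out).split())

def tokens(raw: bytes) -> list:
    """Tokens to hand to a Bayesian or keyword filter."""
    return re.findall(r"[a-z0-9']+", visible_text(raw).lower())

def sample_message() -> bytes:
    """Constructed sample: base64 HTML body with comment-split words and a script."""
    m = EmailMessage()
    m["Subject"] = "hello"
    m.set_content('<html><body><p>Lo<!-- k3j2 -->w mort<!--zz-->gage ra&#116;es</p>'
                  '<script>var x = "hidden";</script></body></html>',
                  subtype="html", cte="base64")
    return m.as_bytes()

if __name__ == "__main__":
    print(tokens(sample_message()))
```

A filter matching on the raw SMTP body of the sample sees only base64; the same filter fed `tokens()` sees the rejoined words.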


