ietf-asrg
[Top] [All Lists]

[Asrg] Spammer reaction to countermeasures

2003-06-24 10:05:02
Strange tags and com<!-- stupid stuff -->ments can be elided but they
are a very reliable spam indicator. If email has an html comment in the
middle of a spamword that increases the probability it is spam.

This is one case of a spam sender countermeasure that backfires.

That popular filters have been adjusted in that direction may be why
the more advanced spammers have stopped using that particular tactic.

The problem is that there are SO MANY odd things in various HTML 
implementations 
(such as the less-than-uniform handling of HTML comments as has been pointed 
out) that there are a lot of loopholes, backwaters and dark corners for 
increasingly-devious spammers to hide in.  Instead of fighting a tiring and 
largely pointless ongoing "whack-a-mole" game on such complicated (and 
changing!) terrain, I think it simply makes more sense to just change the 
ground 
rules such that ALL those HTML-based tricks are denied to [only!] 
unrecognized/unauthorized/untrusted senders in one fell swoop.

Does it result in a few changes and inconveniences?  Sure it does, during the 
transition period.  ANY change we propose is going to result in some 
adjustments.  I think the nature of these adjustments are explainable, fairly 
understandable even to relatively clueless users, and have a high payback.

And again, the fact that the SAME permissions-list mechanism would also deal a 
MAJOR blow to worms/viruses/trojans is a real nice bonus, too.

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment!  Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>
  • [Asrg] Spammer reaction to countermeasures, gep2 <=