At 08:35 2004-03-10 -0600, Skip Montanaro wrote:
2. Bandwidth is still fairly expensive. Spammers probably consume
most of their existing bandwidth sending out mail. Reducing
the outflow of email will lower their overall revenues. Adding
more bandwidth so they can search for hammy text to associate
with email addresses is expensive.
Well, inbound and outbound bandwidth are two separate things. Sure, making
web requests and acknowledging individual packets takes some bandwidth, but
not much. Plus, in virtually all consumer configurations, the download
speed (speed at which the client can RETRIEVE data from the net) is faster
than their upload speed (the speed at which they can send spam, be it
directly or via compromised mail hosts). That download bandwidth is likely
sitting untapped when they're sending their spew.
A consumer modem might have 33Kb up / 56Kb down (optimal, realized might be
more like 28Kb/52Kb typical, perhaps less), and consumer broadband may be
128Kb/768Kb.
I am NOT suggesting that spammers are sophisticated enough to provide user
originated text in the spam. OTOH, it would be TRIVIAL to hash an email
address to generate a seed for a randomizer so that the keyword sequence
for the "word salad" is consistent for any given recipient (or say, cycles
one of five or ten word sequences). Of course, that means the recipient
could train the spam engine or just filter on certain sequences, and be
done with it -- OTOH, it might do a fair job at confounding system-wide
spam filtering.
Note that there is no reason the word salad db couldn't be populated with
words from prior db searches for that user address. Malware can certainly
be a powerful tool for the spammers in this case, since they can use saved
email on a lot of individual computers, tied directly to the given addresses.
Spammers could pull text from the website of the recipient domain:
schmoe(_at_)theirdomain(_dot_)tld -> hit (www.)theirdomain.tld and grab some text for
the spam. Or even try (www.)theirdomain.tld/~schmoe
I'd better stop hypothesizing before some spamfsck starts reading this list
for ideas.
to each spam message they send to skip(_at_)pobox(_dot_)com I will
quickly train
on the few false negatives that slip through and shift the spamprob
of each of the hammy words in the paragraph in the direction of spam.
That paragraph will cease to be effective and the spammer will have
to find a new one.
It still seems then that apparently _random_ words would slip by,
_necessitating_ you to submit them for learning.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail