[NCLUG] Crafty Spam [was Keep spyware and hackers locked out]
Bob Proulx
bob at proulx.com
Sat May 22 17:09:28 MDT 2004
Michael Milligan wrote:
> The attachment must have gotten stripped. Here's the text body of the spam:
Yes. That is extremely common. It is called bayes poison. Or bayes
fodder. It all depends upon your viewpoint. Ignore it.
If you have trained bayes on both good and bad mail then good mail
will have a Bayesian index which pulls the message toward non-spam.
The idea is that if a spammer makes parts of their message look like
non-spam then that will pull the entire message toward the non-spam
side and pass the message through the bayes filters. This will
somehow cause the filters to overlook the spammy parts of the
message.
Except that it does not work. If you have actually trained your bayes
engine on both spam and non-spam messages as you should be doing then
it will simply ignore the non-spammy looking part of the message since
that part appears in both spam and non-spam messages. It won't have
any weight in the scoring at all. Any spammy part of the message will
have an affect and the filter will just work normally. Bayes filters
are known for their ability to adapt very quickly to new types of
attacks. Yes, with a new attack the first messages will get through.
But only the first because as you say "that one is spam" the filter
will learn and adapt and you will stop seeing that kind of attack.
Bob
More information about the NCLUG
mailing list