[linux-elitists] Notify about using the e-mail account.
Karsten M. Self
Wed Mar 3 14:25:18 PST 2004
on Wed, Mar 03, 2004 at 04:33:55PM -0500, Aaron Sherman (email@example.com) wrote:
> On Wed, Mar 03, 2004 at 10:43:51AM -0800, Karsten M. Self wrote:
> > Rulesets only get you so far. The nice thing about the Bayesian
> > classifiers is that they are automatically adaptive.
> Very true!
> And that's why SA isn't just a ruleset. SA uses a large number of approaches
> including static text-matching rules; Bayesian scoring; DNS blacklists;
> distributed checksums; etc. You note later the DNSBL and checksum
> tests, but not Bayes, I just thought you might want that extra piece.
Where rulesets *are* useful, IMO, is in detecting structural or
point-of-origin aspects of mail:

  - URL obfuscation. Effectively never needed in legitimate mail.

  - Various chaffing methods. There are several custom filters for SA
    which address the use of HTML comments or anchors to obscure text,
    e.g.: pe<!--asdf-->nis or via<a href="http://zgp.org/"></a>gra.
    Also widely divergent HTML and ASCII methods.
    See "backhair" and "popcorn" which tend to pick these up.

  - Image-link based spam. Body contains few lines of text and an

  - Known-bad URL spam. There are lists of spam-friendly IPs and/or
    spammer-owned (or controlled, or 0wn3d) domains. Tools to update
    such lists periodically and query against them on incoming mail
    bodies can be effective.

I see the prior strategy of specifically coding in tests for specific
words and/or phrases as less critical. Though it's convenient to have
Nigeria spam identified for me in SpamAssassin headers.
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
The black hat community is drooling over the possibility of a secure
execution environment that would allow applications to run in a
secure area which cannot be attached to via debuggers.
- Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"
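
An added example, not part of the original post and not the code of the SpamAssassin "backhair" or "popcorn" rulesets: a minimal Python check for the chaffing described in the message, flagging words whose letters are interrupted by HTML comments or by anchors with no link text. The function names and the sample message are constructed for illustration; the two obfuscated fragments are the ones quoted in the post.

```python
import re
from email import message_from_string

# Markup that renders as nothing: HTML comments and anchors with no link text.
_COMMENT = r"<!--(?:(?!-->).)*-->"   # tempered so one match never spans two comments
_EMPTY_A = r"<a\b[^>]*>\s*</a>"
_CHAFF = rf"(?:{_COMMENT}|{_EMPTY_A})"
# A run of letters interrupted one or more times by such markup.
_SPLIT_WORD = re.compile(rf"[a-z]+(?:{_CHAFF}+[a-z]+)+", re.I | re.S)
_STRIP = re.compile(_CHAFF, re.I | re.S)


def split_words(html):
    """Return (rendered_word, raw_source) for each word broken up by invisible markup."""
    return [(_STRIP.sub("", m.group(0)), m.group(0))
            for m in _SPLIT_WORD.finditer(html)]


def scan_message(raw_message):
    """Run split_words() over every text/html part of an RFC 822 message."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            hits += split_words(payload.decode(charset, errors="replace"))
    return hits


# Constructed sample message (headers and layout are made up for this example).
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<!-- a comment between words is ordinary markup and is not flagged -->
<p>pe<!--asdf-->nis via<a href="http://zgp.org/"></a>gra</p>
<p>See <a href="http://example.com/">our site</a> for details.</p>
</body></html>
"""

if __name__ == "__main__":
    for word, raw in scan_message(SAMPLE):
        print(f"{word!r} hidden as {raw!r}")
```

The check is structural: it needs no word list, because markup that splits a run of letters without rendering anything is the signal.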