Re: [Asrg] How to defeat spam that uses encryption?
Jason Hihn said:
> But imagine this in a message:
> --- start---
> [javascript]
> $cypher_text="dsfjhsjdfhsdfjksdhfskjfhsd.."
> function decrypt(key, cypher_text){
> /* do description */
> document.writeln($plain_text)
> }
> [/javascript]
>
> [body onload=decrypt("aasc", $cypher_text)]
> --- finish ---
> Now all your filters, Bayesian or not, will only work on the actual text
> seen between start and finish. No filtering will be done of the "message" -
> what the user sees. Furthermore, variable and function names are infinitely
> variable, and what is not variable is standard html/js stuff and has
> significant legit use.
This exists -- I think a search for SBL will throw up one spammer
(Merlin?) who writes this kind of polymorphic-style spam.
In SpamAssassin's ruleset, the use of a body onload attribute, or
Javascript decryptors, is an incredibly strong spam-sign -- because *no*
legit mail ever does this.
I think this may be one reason I haven't seen 1 spam that does this, since
about a year ago. ;)
--j.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
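A structural check of the kind the reply describes, as an added example that is not part of the original post and is not SpamAssassin's own rule code: it scans a message's HTML parts for a `body onload` attribute and for script that writes the document. The sign names, function names and both sample messages are constructed for this illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

class ScriptSignScanner(HTMLParser):
    """Records signs of script-rendered HTML; sign names are this example's own."""
    def __init__(self):
        super().__init__()
        self.signs = set()
        self.in_script = False
        self.script_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.signs.add("script_tag")
            self.in_script = True
        elif tag == "body" and any(name == "onload" for name, _ in attrs):
            self.signs.add("body_onload")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script_text.append(data)

def scan_message(raw):
    """Return the sorted signs found across all text/html parts of a message."""
    scanner = ScriptSignScanner()
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_content())
    scanner.close()
    if "document.write" in "".join(scanner.script_text):
        scanner.signs.add("script_writes_document")
    return sorted(scanner.signs)

# Constructed samples: the first has no visible text until its script runs.
SCRIPTED = """Subject: constructed sample
Content-Type: text/html

<html><script>var c = "dsfjhsjd"; function show(k, t) { document.writeln(t); }
</script><body onload="show('aasc', c)"></body></html>
"""
PLAIN_HTML = """Subject: constructed sample
Content-Type: text/html

<html><body><p>Minutes from Tuesday's meeting are attached.</p></body></html>
"""
```

The check keys on the markup that has to be present for the script to run, so renaming variables and functions in the script does not change the result.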