[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] How to defeat spam that uses encryption?

At 12:25 PM -0500 3/31/03, David F. Skoll wrote:

You're assuming that most people have JavaScript-enabled mail readers.
There are simpler ways to defeat filtering, checksums and such without
depending on client-side software.
The percentage is high enough that spammers don't care about those that don't. I've seen more than a few Javascript encoded email messages. It seems to be most common for illegal scams (like attempts to get your credit card) where they want to keep a web site running for long enough to collect some cards. The encryption presumably means that it takes longer before someone technical enough to deal with the message can find the actual web site.

I actually went so far at one point as to build a fake IE DOM in a PD Javascript interpreter so that I could automatically decrypt the messages.

At 1:02 PM -0500 3/31/03, David F. Skoll wrote:
Here's a simple rule:

	IF body contains "javascript THEN bounce.
Unfortunately there are a number of commercial companies out there selling "active email" products. Basically these are services that let you, for instance, send out a party invitation where you don't have to go to the web site to respond. The list of who has subscribed, and the forms to subscribe are all in your email, and change dynamically each time you read it. Those products include javascript in the email. The usual content-filter problem.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg