You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Chr. v. Stuckrad" <st...@mi.fu-berlin.de> on 2007/08/07 12:14:31 UTC
Re: Number spam (paranoid guess)
On Tue, 07 Aug 2007, John Andersen wrote:
> Ok, what is this stuff.
> All it contains is 6 digit numbers. What's up with that stuff?
My most paranoid guess is:
- Cause: we have summer vacation time ...
So LOTS of people are on holidays.
If you use E-Mails with totally useless content which goes
through all filters for a short time, you can trigger LOTS
of vacation-Messages!
Then (1) you will have to know, 'who answered' and if you
ar not only a a spammer, but also a 'more criminal mind',
you (2) might even find the typical vacation messages like
"I'm away to china for two weeks, try later ..."!
So you know somebody is *away* and you can safely steal
from the flat, impersonate the owner of the addresse etc...
That's paranoid, I know, but criminals are not always dumb :-)
And lazy anyway, and on the internet too :-)
Stucki (who never has vacation [messages:-])
Re: Number spam (paranoid guess)
Posted by Yet Another Ninja <sa...@alexb.ch>.
On 8/7/2007 4:34 PM, Henrik Krohns wrote:
> On Tue, Aug 07, 2007 at 02:52:25PM +0100, UxBoD wrote:
>> This appears to work okay :-
>>
>> header __LOCAL_PROBE1 subject =~ /[0-9]{4,6}/i
>> body __LOCAL_PROBE2 /([a-z|0-9]{8})/i
>> describe LOCAL_PROBE1 Daft Number Probe
>> meta LOCAL_PROBE1 (__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1)
>> score LOCAL_PROBE1 3
>
> Looks like nice FP generator for busy sites. PROBE2 is certain to hit almost
> anything and then just wait for a few digits in subject.. :)
>
header __LOCAL_PROBE1 Subject =~ /^\d{4,6}$/
body __LOCAL_PROBE2 /^[a-f0-9]{8}$/i
meta LOCAL_PROBE (__LOCAL_PROBE1 && __LOCAL_PROBE2)
score LOCAL_PROBE 3.0
should be safer
Re: Number spam (paranoid guess)
Posted by UxBoD <ux...@splatnix.net>.
Yes I know :( has been pointed out to me so has been revised :-
header __LOCAL_DIG1 subject =~ /^\d[0-9]{4,6}$/
body __LOCAL_DIG2 /^([a-f|0-9]{8})$/i
describe LOCAL_DIG1 Daft Number Scam
meta LOCAL_DIG1 __LOCAL_DIG1 && __LOCAL_DIG2
score LOCAL_DIG1 3
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
----- Original Message -----
From: "Henrik Krohns" <he...@hege.li>
To: users@spamassassin.apache.org
Sent: Tuesday, August 7, 2007 3:34:49 PM (GMT) Europe/London
Subject: Re: Number spam (paranoid guess)
On Tue, Aug 07, 2007 at 02:52:25PM +0100, UxBoD wrote:
> This appears to work okay :-
>
> header __LOCAL_PROBE1 subject =~ /[0-9]{4,6}/i
> body __LOCAL_PROBE2 /([a-z|0-9]{8})/i
> describe LOCAL_PROBE1 Daft Number Probe
> meta LOCAL_PROBE1 (__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1)
> score LOCAL_PROBE1 3
Looks like nice FP generator for busy sites. PROBE2 is certain to hit almost
anything and then just wait for a few digits in subject.. :)
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Number spam (paranoid guess)
Posted by Henrik Krohns <he...@hege.li>.
On Tue, Aug 07, 2007 at 02:52:25PM +0100, UxBoD wrote:
> This appears to work okay :-
>
> header __LOCAL_PROBE1 subject =~ /[0-9]{4,6}/i
> body __LOCAL_PROBE2 /([a-z|0-9]{8})/i
> describe LOCAL_PROBE1 Daft Number Probe
> meta LOCAL_PROBE1 (__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1)
> score LOCAL_PROBE1 3
Looks like nice FP generator for busy sites. PROBE2 is certain to hit almost
anything and then just wait for a few digits in subject.. :)
Re: Number spam (paranoid guess)
Posted by UxBoD <ux...@splatnix.net>.
This appears to work okay :-
header __LOCAL_PROBE1 subject =~ /[0-9]{4,6}/i
body __LOCAL_PROBE2 /([a-z|0-9]{8})/i
describe LOCAL_PROBE1 Daft Number Probe
meta LOCAL_PROBE1 (__LOCAL_PROBE1 + __LOCAL_PROBE2 > 1)
score LOCAL_PROBE1 3
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net
----- Original Message -----
From: "Greg Skouby" <gs...@sitesnow.com>
To: users@spamassassin.apache.org
Sent: Tuesday, August 7, 2007 2:14:44 PM (GMT) Europe/London
Subject: Re: Number spam (paranoid guess)
On Tue, Aug 07, 2007 at 12:14:31PM +0200, Chr. v. Stuckrad wrote:
>
> My most paranoid guess is:
>
> - Cause: we have summer vacation time ...
>
> So LOTS of people are on holidays.
> If you use E-Mails with totally useless content which goes
> through all filters for a short time, you can trigger LOTS
> of vacation-Messages!
>
Wouldn't that require the "from" info not being forged? I have gotten a couple of these and they are definately of the forged sender variety.
--Greg
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Number spam (paranoid guess)
Posted by Greg Skouby <gs...@sitesnow.com>.
On Tue, Aug 07, 2007 at 12:14:31PM +0200, Chr. v. Stuckrad wrote:
>
> My most paranoid guess is:
>
> - Cause: we have summer vacation time ...
>
> So LOTS of people are on holidays.
> If you use E-Mails with totally useless content which goes
> through all filters for a short time, you can trigger LOTS
> of vacation-Messages!
>
Wouldn't that require the "from" info not being forged? I have gotten a couple of these and they are definately of the forged sender variety.
--Greg