| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 33589 | 2003-05-19 18:26:00 | Slightly OT: Spamglish | argus (366) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 145831 | 2003-05-19 18:26:00 | I've lately been getting a lot of strange headers to spam messages. It's not English; it's not English-as-a-second language, nor even English-as-she-is-spoke by an American pretending to be a Russian. It's not 'transliterated' non-Roman characters (not nonsensical enough for that), nor the likes of p0rn and v1agra. It's almost words but not quite: but if the words were converted to their nearest English equivalent, they still wouldn't make sense. 'sagurday claw oumr ya j' is a typical example I just received. 'zater clouwburst' is another still in my in-box. Sometimes the body of the message makes perfect sense (well spam sense, anyway); at other times, the body is another line of similar garble. What's the purpose of this? Are they really trying to sell merchandise, or are these strange character sequences attempting to corrupt something in email software? Particularly the ones that don't have any sense in header or body: what are they trying to achieve? Anyone have any theories? Argus |
argus (366) | ||
| 145832 | 2003-05-19 20:52:00 | > what are they trying to achieve? The first thing that comes to my mind is that they are trying to grab your attention. And they have been VERY successful at that by the sound of it. :-) |
Susan B (19) | ||
| 145833 | 2003-05-19 21:52:00 | Have you noticed any little green men sitting on your roof lately? ;\ | Pollly (1416) | ||
| 145834 | 2003-05-19 22:01:00 | Some of the Spam actually does mean something.. like they're for university degree's and in amongst thost jumbled letters, there are some words on certain emails :-) ...Not that Spam in the first place is any better... |
Chilling_Silently (228) | ||
| 145835 | 2003-05-19 22:17:00 | My bet is that these "words" are considered unlikely to trigger any spam filters. .Clueless |
Clueless (181) | ||
| 145836 | 2003-05-20 04:13:00 | I have also had a run of gibberish emails where the spelling in the subject line is worse than that of a 3 year old, sometimes the alleged senders address is also like that. A trace of IP numbers show many of them seem to start in Mexico and some from South America before ending up going through the various relays. Of course yours could be from another source. |
Gordon. (2217) | ||
| 145837 | 2003-05-20 04:43:00 | I think you are recieving spy information, who's cleverly coding his message, although it can be deciphered. e.g. zater clouwburst = water cloudburst = rain. So if you are in the area, it's probably going to rain so plans are cancelled. Well enough spy games for me. |
Kame (312) | ||
| 145838 | 2003-05-21 00:55:00 | Clueless wrote: >My bet is that these "words" are considered unlikely to trigger any >spam filters . As are "pr0n" and "V1agra", which I quoted . The difference with this stuff is that even when you account for any obvious letter substitutions, such nearest-English phrases as "water cloudburst" ( or "later cloudburst") they still make no real sense, and have no relevance to the subject of the email . My latest theory is that if they offer up enough nonsense text it doesn't so much evade the spam filters as "dilute" the impact of any terms to which the filters might be sensitive (maybe this is what Clueless meant) . As a test of this, I forwarded to another of my accounts, protected by SpamAssassin, an email headed: [Sexually explicit phrase] jnxayaonitctdnuw The body reads as follows: The rest was silence I felt as if I sat upon my mare in a stupor, but even in my dullness I saw a movement in the brush ahead of us . I did not speak to Gyric, and he did not say more . [pornographic HTML illustration with clickable link] It was as if an emerald had been melted and cast with gold . So all of these things kept tumbling about in my head, and beyond it all I knew that she and I would tomorrow night be alone with either Sidroc or Toki, vumuhbughtgahhdg15001328159513 no more offers? please go here You are seen as part of the tribute, and the tribute belongs to Yrling . It was of dark cobalt, running to purple, and had golden thread work all along the hem and sleeves . Seeya risa . " Despite the inclusion of HTML, which it usually doesn't like, and the plainly erotic phrases, SpamAssassin gave this no mark - which in practice means a mark less than 5 . 0 . By comparison, a "media release" from Seagate rated 5 . 6 and the typical Nigerian clocks about 14 . So it looks as though dilution with nonsense is a workable technique for evading SpamAssassin at least . I don't think MailWasher flagged it either . Filter designers need to know about this, if they don't already . I will forward the whole thing to a third account, which sits under Death2Spam, and see how it rates the message . Argus |
argus (366) | ||
| 145839 | 2003-05-21 03:16:00 | Sounds a difficult one to filter, i mean how does one filter simple spam nonsence from poorly written mail or just plain bad grammer? For every solution, spammers seem to make more problems! .Clueless |
Clueless (181) | ||
| 1 | |||||