January 07, 2004
The new twist in spam

It is rare that a piece of spam slithers into my inbox through all my ever-vigilant filters -- so when it does, I pay attention. These days spammers are no longer greasy 16-year-olds with a DSL connection; now they're sophisticated, bright, innovative opponents.. any other type drops off the map so quickly they don't know what filter hit them. It becomes a game.

"How did this one get through"
"Oh, I see, clever boy"

Filters improve, and as a result, spammers improve. A spammer who can get through my filters and infiltrate my inbox is a worthy opponent indeed. Either that or just incredibly lucky.

Today's gem comes with a new methodology: not just relying on fooling the filters, this one is meant to fool the recipient. Of course, that point is not new; spammers have done this since the early days of "MAKE MONEY NOW" schemes on Usenet.. but typically they try to appeal to the reader..

Subjects like...
"About last night"
"Re: resume"

..and so on.

Anyone can see through those, especially when they attempt to appeal with a personal touch and include the email prefix in the subject..

"You didn't call joe01239clas"

Well, gosh, all my girlfriends call me that, I should read it now! Not. What is the one thing that almost everyone is guaranteed to read?

"You're such an asshole!"

In small print inside: "buy viagra" -- all jokes about the subject and enclosed message aside.. that's pretty damn clever.. Who can pass up a message that alludes to causing any sort of wrongdoing? Play at that little guilty devil inside all of us.. Well, it only works once, no goal, your ball.

Posted January 07, 2004 11:15 PM in Spam sucks
Comments
On January 8, 2004 12:41 AM Travis added:

I wrote about a spam message that a friend of mine received and asked me about because she was suspicious. It's got a different line of making money which is much more seductive than the usual suspects and probably much more effective. They've a few methods to realistically guess the email addresses of people who may have used online dating services. Then they send out an email that is personal enough (and is missing all kinds of spam clues that automatic filters rely upon) that many recipients feel that just maybe it is legit. You have to actually pay money to a dating service to respond though. Much easier to get people that have joined one dating service to join another than selling a viagra (especially when the recipients are girls!).

http://twp.zrox.net/blog/archives/000027.html

I've had lots of people from people who were a little bit suspicious and found my page and felt betrayed; I've left comments open and let them rant a bit. I'd guess that there were a lot of people who were not suspicious enough, got duped, and would never admit it. I posted in mid-November and still tend to see over twenty hits a day about it.

The real twist, and why I posted in the first place, is that I see no way for automatic methods to determine it is spam without a person at some point inspecting the message, recognizing it as spam, then identifying specific characteristics for blacklisting. Of course that is not fully automatic.

#
On January 8, 2004 02:13 AM fluffy added:

Travis: Look into Bayesian filtering. It's not a silver bullet, but it basically learns what is and isn't spam by example.

http://spambayes.sf.net/ is a good filter which has an Outlook plugin and so on.

Personally I run bogofilter (a similar project, though with different tweaks to the algorithms; I'd switch to spambayes if the database could be migrated, though), and I only get maybe one false negative per week, and a false positive maybe once a month and it's typically been for a message I was expecting and had a feeling it would show up in the spam folder.

A learning AI isn't as good as a human reader, but it's a lot more time-efficient.

#
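Added example, not part of the comments above and not the algorithm used by spambayes or bogofilter: a simplified naive Bayes token filter showing how "learning by example" handles the kind of personal-sounding message Travis describes. All messages are constructed for illustration; the one human step is marking two examples as spam, after which no hand-written blacklist rule is needed.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")

def tokenize(text):
    # Presence of a token per message is what counts, not repetition.
    return set(TOKEN.findall(text.lower()))

class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.docs[label] += 1
        self.counts[label].update(tokenize(text))

    def spam_probability(self, text):
        # Start from the class prior, then add each token's log-likelihood ratio.
        spam_n, ham_n = self.docs["spam"], self.docs["ham"]
        log_odds = math.log((spam_n + 1) / (ham_n + 1))
        for tok in tokenize(text):
            p_spam = (self.counts["spam"][tok] + 1) / (spam_n + 2)  # Laplace smoothing
            p_ham = (self.counts["ham"][tok] + 1) / (ham_n + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed sample mail, for illustration only.
HAM = ["lunch tomorrow at noon? let me know",
       "the build server is down again, patch attached",
       "thanks for the photos from the weekend",
       "meeting notes attached, let me know what you think"]
SPAM = ["buy viagra now cheap pills online",
        "make money now from home guaranteed",
        "cheap pills online no prescription buy now",
        "guaranteed money click here now"]
PERSONAL = ["hi, i saw your profile and would love to chat, reply through the dating site",
            "i liked your profile, join the dating site to read my reply"]
PROBE = "saw your profile last week, reply on the dating site so we can chat"

def demo():
    f = BayesFilter()
    for m in HAM: f.train(m, "ham")
    for m in SPAM: f.train(m, "spam")
    before = f.spam_probability(PROBE)       # no classic spam words: slips through
    for m in PERSONAL: f.train(m, "spam")    # the human step: two messages marked as spam
    after = f.spam_probability(PROBE)        # a new variant is now scored as spam
    return before, after, f.spam_probability("let me know about lunch tomorrow")

if __name__ == "__main__":
    print(demo())
```
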
On January 8, 2004 01:55 PM Tim added:

I get called those sorts of things all the time, so even filtering might not work. Looks like I am in trouble!

#
On January 8, 2004 02:11 PM Randy added:

I actually wrote the Spam Rant the other day but stored it (b/c I had other things to get out there first) but when I saw this, I thought I'd trackback to it - seemed too perfect not to :)

#
On January 8, 2004 03:58 PM brandt added:

you know Candy and I have had this discussion many times--can a woman be an "asshole?" it seems almost always applied to males. it seems that if one wishes to insult a female there are harsher and more degrading terms than "asshole..."

#
On January 8, 2004 10:44 PM Jim added:

Just wanted to let you know that when I accidentally came across your site from some search device, I discovered it to be quite interesting. Thanks, Jim

I'd offer to buy you coffee like the kid who heard you sing (one of your many writes), but I live in Dallas, TX and the drive is a bit much for me:)

Take care, Jim

#
On January 11, 2004 12:01 PM rainer added:

Why don't you use java for the comment links so that no PR will be given away?

#
On January 11, 2004 05:43 PM dave added:

The one I still remember as getting past my mental filters had subject '$376.25 has been charged to your account'. I thought that was a pretty clever way of bypassing my calm and rational consideration of whether I should open it...

Like you say, though: only once.

#