[SURBL-Discuss] First attempt to subvert surbl approach ? :)

William Stearns wstearns at pobox.com
Wed Apr 21 23:02:06 CEST 2004


Good eening, Simon,

On Thu, 22 Apr 2004, Simon Byrnand wrote:

> Just browsing through my spam folder and noticed a spam with the following URL:
> 
> http COWLON //yahoo DAWT com DAWT collectiza DAWT com/vp9
> 
> Looks like they might think that putting yahoo.com on the front will fool a 
> simple parser ? :) Have we been "noticed" already or am I just being 
> paranoid ;)
> 
> That particular spam didn't match on that test, but did match on another 
> different URL in the same message...

	They've been doing this for a long time, stuffing msn, yahoo, 
netscape and others in front of the domain, hoping that dumb string 
matchers will whitelist those and then ignore the true domain.
	Short version; you're doing yourself a disservice if you allow 
mailing lists _about_ spam to go through spamassassin or any other 
filtering tool.  Feed those lists off to separate files before you hit the 
spam checker.
	Cheers,
	- Bill

---------------------------------------------------------------------------
        "Very funny, Mr. Scott.  Now beam down my clothes."
(Courtesy of Michael J. Fromberger <sting at linguist.thayer.dartmouth.edu>)
--------------------------------------------------------------------------
William Stearns (wstearns at pobox.com).  Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at:   http://www.stearns.org
--------------------------------------------------------------------------


More information about the Discuss mailing list