Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] Torrent of new spam



Daniel Barrett pondered:
> Hmm... how does that work when Craigslist anonymizes all addresses
> (e.g., abcde-5950223588 at sale.craigslist.org)? Do they ... somehow
> discover your real address?

It's a possibility they've created bots that seem real enough to engage you in
conversation outside Craigslist (for example, I'm apartment-hunting now, and
20-30% of the postings are scam ads that I thought were targeted at suckers
who might foolishly put down deposits for applications on places they've never
been to, but might just be harvesting email addresses). But I doubt that this
is the origin of the spam I'm seeing.

> ... my approach to spam is to run spastic (spastic.sourceforge.net)
> and spamassassin in sequence.

I'm not familiar with spastic; its description at sourceforge doesn't provide
much of a clue as to how it would complement spamassassin.

The new torrent of messages is coming in bursts, about 50 a day, and they seem
to rotate IP source addresses: there are patterns of multiple messages on a
given IP but I haven't yet figured out a pattern for how they're doing it. One
thing that's pretty clear is that most of these have a message body that their
"client" has paid to distribute, followed by a screenful of blank lines,
followed by several paragraphs of Bayesian-buster text typed by hand
(Mechanical Turk or the like) or by a sufficiently-clever algorithm. Whatever
firm is behind this obviously has an outbound server farm that has all the
same spam-busting tools that we try to use for defense: their messages pass
existing tests with flying colors. Tools like sa-learn are no match for them.

-rich
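
An added example, not part of the original post: a structural check for the layout described above (visible text, then a long run of blank lines, then filler paragraphs). The 20-line and 30-word thresholds, the function names and the sample message are assumptions, and only a plain-text body part is inspected.

```python
import email
from email import policy

BLANK_RUN_MIN = 20    # assumed size of "a screenful" of blank lines
TAIL_WORDS_MIN = 30   # assumed minimum size of the trailing filler text

def longest_blank_run(lines):
    """Return (start_index, length) of the longest run of blank lines."""
    best_start, best_len, start, run = -1, 0, 0, 0
    for i, line in enumerate(lines):
        if line.strip():
            run = 0
            continue
        if run == 0:
            start = i
        run += 1
        if run > best_len:
            best_start, best_len = start, run
    return best_start, best_len

def padded_tail_report(raw_message):
    """Describe the head/gap/tail layout of a message, or return None."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is None:
        return None
    lines = part.get_content().splitlines()
    start, length = longest_blank_run(lines)
    if length < BLANK_RUN_MIN:
        return None
    head = " ".join(lines[:start]).split()
    tail = " ".join(lines[start + length:]).split()
    # A gap at the very top or bottom of the body is not this layout.
    if not head or len(tail) < TAIL_WORDS_MIN:
        return None
    return {"blank_run": length, "head_words": len(head),
            "tail_words": len(tail), "visible_text": " ".join(head)}

# Constructed sample message, not a real spam capture.
SAMPLE = (
    "From: sender@example.com\n"
    "To: rcpt@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "Paid promotional text goes here.\n"
    + "\n" * 40
    + " ".join(["filler"] * 60) + "\n"
)

if __name__ == "__main__":
    print(padded_tail_report(SAMPLE))
```

The report separates the text a reader sees before scrolling from the tail, so the two parts can be scored or tokenized separately.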





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org