March 19, 2003

Tricking the SpamAssassin Filter

I got a spam today that said this (both lines were linked):

A nice lady wants to correspond with you. check her out.

Let me know and I won't write you again. Thanks

We use SpamAssassin filtering, and it does a pretty good job. Very little spam gets through, so when one does I like to view the headers and see how close a spam got to being diverted. This particular piece of mail had a score of 3.1 (5.0 required to divert). I noticed when I turned the headers on (Pine) that the body of the message actually looks like this:

A ni<!--z[@Fi@An,@F8OFA 0,sz-->ce lady wa<!--z[@Fi@An,@F8OFA 0,sz-->nts to corr<!--z[@Fi@An,@F8OFA 0,sz-->espond with you.<!----> check her out

Le<!--z[@Fi@An,@F8OFA 0,sz-->t me kn<!--z[@Fi@An,@F8OFA 0,sz-->ow an<!--z[@Fi@An,@F8OFA 0,sz-->d I won't wri<!--z[@Fi@An,@F8OFA 0,sz-->te y<!--z[@Fi@An,@F8OFA 0,sz-->ou again.<!----> Than<!--z[@Fi@An,@F8OFA 0,sz-->ks

Maybe this has been happening for a while, but I had never seen it. Pretty sneaky to split up all the words so a matching algorithm would fail. Of course, it wouldn't be that hard to add a rule that blocks messages once they reach a certain number of comments.
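A sketch of the rule suggested above, added here as an example (it is not SpamAssassin's own code or rule syntax): it counts HTML comments that sit between two letters, and strips all comments so phrase matching sees what the mail client renders. The function names and the threshold of 3 are assumptions chosen for illustration.

```python
import re

# Matches any HTML comment, including the empty <!----> form.
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)

# Assumed cutoff for illustration; tune against real ham before relying on it.
SPLIT_THRESHOLD = 3

# The message body from the post, rebuilt with the repeated junk comment.
J = "<!--z[@Fi@An,@F8OFA 0,sz-->"
SAMPLE_BODY = (
    f"A ni{J}ce lady wa{J}nts to corr{J}espond with you.<!----> check her out\n"
    f"Le{J}t me kn{J}ow an{J}d I won't wri{J}te y{J}ou again.<!----> Than{J}ks"
)


def analyze_comments(html_body):
    """Return (total comments, comments splitting a word, visible text)."""
    total = 0
    split = 0
    for m in COMMENT_RE.finditer(html_body):
        total += 1
        before = html_body[m.start() - 1] if m.start() > 0 else ""
        after = html_body[m.end()] if m.end() < len(html_body) else ""
        # A comment with a letter on both sides is hiding inside a word,
        # which ordinary HTML authoring tools have no reason to produce.
        if before.isalpha() and after.isalpha():
            split += 1
    # What the reader actually sees once comments are dropped.
    visible = COMMENT_RE.sub("", html_body)
    return total, split, visible


def is_suspicious(html_body, threshold=SPLIT_THRESHOLD):
    """Flag a body whose word-splitting comment count reaches the threshold."""
    _, split, _ = analyze_comments(html_body)
    return split >= threshold


if __name__ == "__main__":
    total, split, visible = analyze_comments(SAMPLE_BODY)
    print(f"comments={total} word-splitting={split}")
    print(visible)
    print("suspicious:", is_suspicious(SAMPLE_BODY))
```

Counting only comments that split a word, rather than all comments, keeps legitimate HTML mail with a few ordinary comments below the threshold.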

Posted by mike at March 19, 2003 8:18 PM