We had a similar incident sometime back but it was a name in both the
subject and body.
Greylisting, which we are about to implement, is an extra line of defence
where an MTA will temporarily reject email from a new or unrecognised
source. A legitimate (and properly configured) mail server will attempt
to connect later on to deliver the e-mail. Many mass e-mail tools used by
spammers will not bother to retry a failed delivery, so the spam is never
delivered. One can only hope that a failed delivery the first time would
lead spammers to believe that it is an invalid address.
cheers
Paul
"Jamie Riden"
jamesr@europe.com
Sent by:
To
jamie.riden@gmail.com "Christine Kronberg"
<seeker@shalla.de>
cc
junkmail@babtras.com,
incidents@securityfocus.com
08/06/2006 07:05 AM
Subject
Re: Re: Strange mail with number in
subject line and body
On 08/06/06, Christine Kronberg <seeker@shalla.de> wrote:
On Wed, 7 Jun 2006, junkmail@babtras.com wrote:
My best guess is that this is meant to poison the statistics of
bayesian mail filters and trick them into letting spam through.
Do you really think a few mails with just a number in it will have
a noticeable effect on the filters? To me it seems more likely that
someone uses a bot net for address verification and list washing.
Indeed - most Bayesian techniques I have seen will only look at the n
most 'useful' words in determining whether it's spam or not spam. I
just can't see any feasible way to poison this sort of scheme.
cheers,
Jamie
--
Jamie Riden / jamesr@europe.com / jamie.riden@computer.org
NZ Honeynet project - http://www.nz-honeynet.org/
------------------------------------------------------------------------------
This List Sponsored by: Black Hat
Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las
Vegas.
World renowned security experts reveal tomorrow.s threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of
your
security environment. Featuring 36 hands-on training courses and 10
conference
tracks, networking opportunities with over 2,500 delegates from 40+
nations.
http://www.blackhat.com
------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Free publications and statistics available on www.abs.gov.au
------------------------------------------------------------------------------
This List Sponsored by: Black Hat
Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas.
World renowned security experts reveal tomorrow.s threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.
http://www.blackhat.com
------------------------------------------------------------------------------
