Re: [Declude.JunkMail] Removing characters- subject

[Matthew Bramble]

I see a lot of the use of replacement also, however...spam randomizers are definitely now making use of inserting stray characters of punctuation in E-mail messages where they don't belong, and sometimes it can only be just one misplaced period.  If you step back and think about where they will go with randomization in the nearer future, it kind of makes sense.that we will see a lot more of this because it is so effective (as long as we lack the tool) and the implementation is fairly simple on the part of the spammer.  The current guy using it though does so many other things that the only way he can make it into an account is if his gibberish doesn't match while also coming from a totally clean IP.  That hasn't happened in a few days. The character replacement/misspelling technique is for the most part an obfuscation technique that doesn't make use of randomization, at least for the text of the messages.  So it kind of makes sense that a test for randomization might not be effective for detecting simple character replacement/misspelling.  This is kind of like the idea of stripping out the comment blocks and tags from the body of the message before using the filters.  That has proven to be quite effective.  Scott could also similarly create a test that would detect a number of instances of stripping out punctuation surrounded by A-Z within the body (or subject) like he does with the COMMENTS test (I don't think you should bother with the numbers because of FP's). Matt Bill Landry wrote: What about the use of replacement characters like V!@gr@, which I see a lot of?  With your test, viagra becomes "Vgr".   Bill ----- Original Message ----- From: Kami Razvan To: [EMAIL PROTECTED] Sent: Friday, November 07, 2003 3:01 AM Subject: [Declude.JunkMail] Removing characters- subject Hi;   Regarding the special characters in the subject line.   Would it not be easier if Declude could do filtering after it removes all special characters first.   I see a couple of common behavior that could easily be done with a REMOVE call in the text for subject.   1:  Multiple spaces between characters.  Lets say we replace any space greater than 2 with 1 space. 2:  Remove characters such as:  ' % @ * ... completely so V'iagra would become viagra 3:  Apply filter files   I know these people will come up with other ideas but at least with this approach we can solve this problem.   In the subject this could be done easily and be much more effective than us trying to filter any and all variations of Viagra.   Regards, Kami -- =================================================== Matthew S. Bramble President and Technical Coordinator iGaia Incorporated, Operator of NYcars.com --------------------------------------------------- Office Phone: (518) 862-9042 Cellular: (518) 229-3375 Fax: (518) 862-9044 E-mail: [EMAIL PROTECTED] or [EMAIL PROTECTED] =================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.