We had a similar incident sometime back but it was a name in both the
subject and body.
Greylisting, which we are about to implement, is an extra line of defence
where an MTA will temporarily reject email from a new or unrecognised
source. A legitimate (and properly configured) mail server will attempt
to connect later on to deliver the e-mail. Many mass e-mail tools used by
spammers will not bother to retry a failed delivery, so the spam is never
delivered. One can only hope that a failed delivery the first time would
lead spammers to believe that it is an invalid address.
cheers
Paul
"Jamie Riden"
[EMAIL PROTECTED]
Sent by:
To
[EMAIL PROTECTED] "Christine Kronberg" <[EMAIL PROTECTED]>
cc
[EMAIL PROTECTED],
[email protected]
08/06/2006 07:05 AM
Subject
Re: Re: Strange mail with number in
subject line and body
On 08/06/06, Christine Kronberg <[EMAIL PROTECTED]> wrote:
> On Wed, 7 Jun 2006, [EMAIL PROTECTED] wrote:
>
> > My best guess is that this is meant to poison the statistics of
bayesian mail filters and trick them into letting spam through.
>
> Do you really think a few mails with just a number in it will have
> a noticeable effect on the filters? To me it seems more likely that
> someone uses a bot net for address verification and list washing.
Indeed - most Bayesian techniques I have seen will only look at the n
most 'useful' words in determining whether it's spam or not spam. I
just can't see any feasible way to poison this sort of scheme.
cheers,
Jamie
--
Jamie Riden / [EMAIL PROTECTED] / [EMAIL PROTECTED]
NZ Honeynet project - http://www.nz-honeynet.org/
------------------------------------------------------------------------------
This List Sponsored by: Black Hat
Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las
Vegas.
World renowned security experts reveal tomorrow.s threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of
your
security environment. Featuring 36 hands-on training courses and 10
conference
tracks, networking opportunities with over 2,500 delegates from 40+
nations.
http://www.blackhat.com
------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Free publications and statistics available on www.abs.gov.au
------------------------------------------------------------------------------
This List Sponsored by: Black Hat
Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas.
World renowned security experts reveal tomorrow.s threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.
http://www.blackhat.com
------------------------------------------------------------------------------