> These are the recent trends raised by my management:
>
> Hash Busting - slightly modify each copy of message to foil
> 'fingerprinting' techniques
Since SA doesn't do fingerprinting this doesn't have quite the desired
effect.
It can break a meta rule looking for particular text, but the quick answer
is generally to modify the meta with a new term or two. After about three
tries you end up with a rule that will catch most all the variations.
And in any case Bayes doesn't care much about minor variations, its all spam
to it.
> Bayes Poisoning - addition of random dictionary words
Makes really GOOD spam identification. I hardly ever send or receive email
containing a page of Cicero in the original Latin. Spammers do.
In addition, most of these things are mispunctuated and often have other
interesting characteristics that make them fodder for some pretty generic
rules. I have mine scored at 10 points each. It isn't unusual to manage
to hit 80 points with one of these things.
> Hidden Text - using invisible text in html messages
Makes really GOOD spam identification. :-)
> Keyword Corruption - using obfuscated text to hide keywords
Makes really GOOD spam identification.
> Tiny Messages - messages with only URL or image
These are harder. Fortunately they almost always follow one of a handful of
standard pattersn that make them amenable to catching with fairly simple
rules.
Loren
