enhancement idea.

darkmark darkmark@filament.org
Fri Apr 18 18:20:04 UTC 2003


On Fri, 18 Apr 2003, Vernon Schryver wrote:
> Have you tried blacklisting the empty FUZ2 checksum with version
> 1.1.34 or newer?  See the announcement of 1.1.34
> http://www.rhyolite.com/pipermail/dcc/2003/001127.html
> or the example and explanation of
>    many   hex     FUZ2: 00000000 00000000 00000000 00000000
> in http://www.rhyolite.com/anti-spam/dcc/dcc-tree/homedir/whiteclnt

That seems risky.  esp if you recieve "hi, here's a couple of pics of the
kid!  love so and so."  type emails in html or text with web links or
mime-encoded attachments.

what I want to avoid is shown here in the following included example
(recieved and to lines removed to protect the innocent, since the spammers
are now pretty much 'open-proxy' only anymore).  Note the real links, but
random crap at the end.  I recieved a similar spam this morning, also with
real links but random crap inserted between "font" tags.  I recieve about
20 of these formatted type messages a day.  I note that there is no Fuz2
metric, which I'm assuming means that the "FUZ2: 0.." blacklisting would
work for this message?

>From ik0njc7q4ym8@hotmail.com Fri Apr 18 11:14:02 2003
Return-Path: <ik0njc7q4ym8@hotmail.com>
Received: from rfjvq.n43x.org [248.197.109.249] by NTWS_PTL02 id
    311qkwC3Dq9W; Fri, 18 Apr 2003 22:00:08 +0500
Message-ID: <h6t$bw0ib8o4uf-z@z22.w5v87aierd>
From: "Adrian Robinson" <ik0njc7q4ym8@hotmail.com>
Subject: slim you is around the corner!
Date: Fri, 18 Apr 03 22:00:08 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="A7E.6_8.3_CD46BA52"
X-DCC-meer-Metrics: hellfire.filament.org 1035; Body=1 Fuz1=1

<html>
<body>
<a href="http://193.231.248.89/health/">
<img border="0" src="http://193.231.248.89/health/hehey.gif" width="551" height="350"></a>
<br>
 <p> </p>
<a href="http://193.231.248.86/jenja/cmt.php">
<img border="0" src="http://193.231.248.89/health/jerry.gif"></a>
</font><br>
</p>
</body>
</html>fshphezfo dpirvt
 b rn w f no
ge swg jzwa
irypthf m
plsmqvjf





More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.