Fuz3 to checksum only links?

Adam Ierymenko api@xactcommerce.com
Fri Aug 8 22:24:55 UTC 2003


I had an idea after reading about the white-on-white tactic and thinking
about other filter-busting tactics that spammers are using...

For spam to be effective, it must have a link in it somewhere.  Would it
then be effective to checksum links separately as a Fuz3 checksum?  It
seems like this may generate false positives, so dcc would probably have
to be configured to ignore Fuz3 by default and a good configuration 
would
probably only block very high Fuz3 counts... but it seems like this 
might
work.

There are two issues I can think of:

1) It would have to ignore arguments, as URL encoded garbage could be
    added to a URL to randomize it.  It would have to only count the
    *path* of the URL.

2) There could be a big false positive problem with free e-mail services
    and such that put URLs in the body of the message.

One solution to #2 I can think of is to have the ability to whitelist
URLs to be ignored in Fuz3 checksums, but this seems kludgy.

Another solution to #2 might be to make a URL-based Fuz3 be calculated
based on URLs and associated link text or image links.  It's easy to
hide text as white-on-white (or off-white on white, etc.) in the body
of a message, but it's hard to introduce that much variation into your
links unless you don't want your victi^H^H^H^H^Hcustomers to be able to
understand you. :)  Of course, a spammer might still be able to get
around this by setting up a webserver to serve out images as it's 404
response and then using random image URLs as links, but this would
make their spam unreadable to people with load images in e-mail body
turned off.




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.