Fuz3 to checksum only links?

gagel@cnc.bc.ca gagel@cnc.bc.ca
Fri Aug 8 22:51:26 UTC 2003


Also consider encoded url's, ipv6 urls, those huge number only url's.

----- Original Message Follows -----
> I had an idea after reading about the white-on-white tactic and
> thinking about other filter-busting tactics that spammers are
> using...
> 
> For spam to be effective, it must have a link in it somewhere. 
> Would it then be effective to checksum links separately as a Fuz3
> checksum?  It seems like this may generate false positives, so dcc
> would probably have to be configured to ignore Fuz3 by default and a
> good configuration  would
> probably only block very high Fuz3 counts... but it seems like this 
> might
> work.
> 
> There are two issues I can think of:
> 
> 1) It would have to ignore arguments, as URL encoded garbage could
> be
>     added to a URL to randomize it.  It would have to only count the
>     *path* of the URL.
> 
> 2) There could be a big false positive problem with free e-mail
> services
>     and such that put URLs in the body of the message.
> 
> One solution to #2 I can think of is to have the ability to
> whitelist URLs to be ignored in Fuz3 checksums, but this seems
> kludgy.
> 
> Another solution to #2 might be to make a URL-based Fuz3 be
> calculated based on URLs and associated link text or image links. 
> It's easy to hide text as white-on-white (or off-white on white,
> etc.) in the body of a message, but it's hard to introduce that much
> variation into your links unless you don't want your
> victi^H^H^H^H^Hcustomers to be able to understand you. :)  Of course
> , a spammer might still be able to get around this by setting up a
> webserver to serve out images as it's 404 response and then using
> random image URLs as links, but this would make their spam
> unreadable to people with load images in e-mail body turned off.
> 
> _______________________________________________
> DCC mailing list      DCC@rhyolite.com
> http://www.rhyolite.com/mailman/listinfo/dcc

--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.