Maximizing effectiveness against 'empty' spam?

Vernon Schryver vjs@calcite.rhyolite.com
Thu Jun 17 05:10:35 UTC 2004


> From: Robert Thille <list-dcc@rangat.org>


> However, with the DCCIFD_REJECT_AT set at '10', sending 11 identical
> messages with empty bodies doesn't get any messages rejected.

All three DCC body checksums require some minimal bits on which
to compute their sums.

> I'm guessing that the problem is the '-t CMN' part, since the man page
> lists CMN as 'Body, Fuz1, Fuz2'.  Do Fuz1 and Fuz2 cover the headers,
> or are they just 'fuzzy' checksums of the body?

The Fuz1, Fuz2, and Body checksums are only of the SMTP body after
the blank line separating the headers from the rest.

The best way to figure out what is going on is to turn on logging by
setting DCCM_LOG_AT or DCCIFD_LOG_AT to 0 in dcc_conf or turning on
"option log-all" in your main or a per-user whiteclnt file.  The
resulting log files will have the checksums and their counts.

The idea of the DCC is to count targets of substantially identical
messages.  "Substantially identical" gets boring near empty and
nearly empty messages such as "thanks" and "test".

If you want to reject bodies without enough natural language text to
support a FUZ2 checksum, please consider using a line in your whiteclnt
file like that in this comment from the sample whiteclnt file:

    # This rejects messages with substantial text but few words.
    #   If you receive binary or non-text email, you probably
    #   do not want to use this blacklist entry
    #many   hex     FUZ2: 00000000 00000000 00000000 00000000

That won't handle genuinely empty bodies, and it has significant false
positives.

A similar kludge could be added to Body checksums, but it would have
many false positives for the same reasons we have a common whitelist
of nearly empty messages and a script that fetches it.  See
var/dcc/libexec/fetch-testmsg-whitelist and
http://www.iecc.com/dcc-testmsg-whitelist.txt


I'll spare you the rant triggered by such familiar and destructive "QA"
noise.  Why are so many QA groups rewarded only for shouting "BUG" and
never penalized for shoddy work?  Why do most test suites contain
orders of magnitude more and worse bugs than the code they purport to
test?  Why do the pointy haired hire so many hopeless political hacks
as test czars? ... but I'm trying to spare you.


Vernon Schryver    vjs@rhyolite.com
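
Added example, not part of the original post and not DCC code: a simplified model of why 11 identical empty-body messages never reach a reject threshold of 10. SHA-256 stands in for the real Body/Fuz1/Fuz2 checksums, counting is done over one batch, and MIN_BODY_BYTES, split_body, body_key and classify are hypothetical names and values chosen for illustration.

```python
import hashlib
import re
from collections import Counter

MIN_BODY_BYTES = 30   # assumed floor; DCC's real minimums are not given in the post
REJECT_AT = 10        # mirrors DCCIFD_REJECT_AT=10 from the thread

def split_body(raw: bytes) -> bytes:
    """Return the SMTP body: everything after the first blank line."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return raw[m.end():] if m else b""   # no blank line means no body

def body_key(raw: bytes):
    """Stand-in body checksum over the whitespace-normalized body.
    Returns None when there is too little body to checksum."""
    body = b" ".join(split_body(raw).split())
    if len(body) < MIN_BODY_BYTES:
        return None
    return hashlib.sha256(body).hexdigest()

def classify(messages):
    """Count targets per body key and return one verdict per message."""
    keys = [body_key(m) for m in messages]
    counts = Counter(k for k in keys if k is not None)
    verdicts = []
    for k in keys:
        if k is None:
            verdicts.append("no-checksum")   # headers differ or not, nothing is counted
        elif counts[k] >= REJECT_AT:
            verdicts.append("reject")
        else:
            verdicts.append("accept")
    return verdicts

def sample(body: str, n: int):
    """Constructed test mail: n copies with distinct headers and one body."""
    return [f"To: user{i}@example.test\r\nSubject: hi\r\n\r\n{body}".encode()
            for i in range(n)]

EMPTY = sample("", 11)                                   # the case from the thread
BULK = sample("Buy the constructed sample product today, limited offer.\r\n", 11)

if __name__ == "__main__":
    print(Counter(classify(EMPTY)))   # all "no-checksum": threshold never applies
    print(Counter(classify(BULK)))    # all "reject": same body counted 11 times
```

Messages that come back as "no-checksum" are the ones a separate local rule, such as the whiteclnt entry quoted above, would have to handle.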


