RE: Is predictable spam filtering a vulnerability?

["Andrew Hunter" <andiroohunter () msn com>]

I think spam filters arn't the solution to the spam problem. If someone gets 
200 spam emails aday then what use is a spam filter telling them the email 
was rejected? The user will end up not looking at the list of rejected 
emails because it's sooo big.

Filtering certain works is also bad aswell eg "penis", "viagra".
It can easyly be evoided:
Email "Free penis enlargement pills" - Would be filterd
Email "Free pen is enlargement pills" - Wouldn't be filtered

So in order to be effective it has to look for variations on the works
For example "penis" it could look for "P E N I S", "peni$" etc...

This is when the problems start. I get sent 200 spam emails the rejected 
emails log is huge, i can't be bothed to look through it, it'll take tooo 
long, but it has removed an important email.

Email "Dear Andiroo, I have found your pen, it was under my desk. You PEN IS 
now in the top draw of your desk".

Ok i lost my sepcial pen, my friend has found it but look "PEN IS" is like 
"PENIS" so it's been taken by the spam filter.

My solution for spam:
I think there should be a huge database on spam emails, just like an anti 
virus scanner but for spam. I think it is that simple have an anti-virus but 
for spam, i am sure that if i get a spam email someone else will have 
exactly the same email so if i can submit it to the database and it's added 
to it quickly so everyone can get the updates then there would be no 
problem, but there is soooo much spam out there we would for ever have to 
update or ever growing in size databases.

I think this would eliminate alot of spam, I have ran out of ideas for 
preventing spam emails, so what other effective solutions already out there?



> From: "Aaron Cake" <aaron () vltpm com>
> To: <bugtraq () securityfocus com>
> Subject: RE: Is predictable spam filtering a vulnerability?
> Date: Thu, 17 Jun 2004 10:18:46 -0400
> MIME-Version: 1.0
> Received: from outgoing2.securityfocus.com ([205.206.231.26]) by 
> mc8-f2.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Fri, 18 Jun 2004 
> 14:43:23 -0700
> Received: from lists2.securityfocus.com (lists2.securityfocus.com 
> [205.206.231.20])by outgoing2.securityfocus.com (Postfix) with QMQPid 
> 78FB1143812; Fri, 18 Jun 2004 18:26:43 -0600 (MDT)
> Received: (qmail 4774 invoked from network); 17 Jun 2004 08:06:11 -0000
> X-Message-Info: JGTYoYF78jEQIQmJRqn4zIchqtVGhE2/
> Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <bugtraq.list-id.securityfocus.com>
> List-Post: <mailto:bugtraq () securityfocus com>
> List-Help: <mailto:bugtraq-help () securityfocus com>
> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
> Delivered-To: mailing list bugtraq () securityfocus com
> Delivered-To: moderator for bugtraq () securityfocus com
> Message-ID: <009601c45476$00737fe0$650aa8c0@aaronxp>
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2739.300
> In-reply-to: <200406161326.AA304546076 () dewmill com>
> Return-Path: bugtraq-return-14825-andiroohunter=msn.com () securityfocus com
> X-OriginalArrivalTime: 18 Jun 2004 21:43:23.0227 (UTC) 
> FILETIME=[478332B0:01C4557D]
>
> > During a recent email conversation with several participants, we
> > discovered that the email service of one participant silently
> > dropped legitimate emails that happened to contain certain
> > combinations of words common in spam. I believe this sort of
> > filter is common practice, and in fact even in place for some of
> > my own email addresses.
> >
> > However, this experience made me think: isn't predictable spam
> > filtering in general a vulnerability that could be used as a hoax
> > device?
>
> Certainly. I have brought this issue up with several other ISPs who insist
> on blocking my personal domain because I'm a "little guy". They can't prove
> that I don't spam, so they default to blocking everything that comes from 
> me
> instead. AOL is the biggest and perhaps most annoying offender.
>
> I personally see this as a denial of service attack against MYSELF.
> Obviously not meant to be malicious in nature, but quite effective
> regardless.
>
> Imagine if I decided to use a spam fitler against someone else...I make an
> email that contains known rejected words. I send that email, setting the
> "FROM" address and header to be that of my victim. If I send out hundreds 
> of
> these messages, I can use someone else's spam filter to mail-bomb my victim
> with "rejected" messages.
>
> The REAL issue is that any email filter that silently drops messages can
> easily mistake legitimate mail for spam. The user never knows, sometimes 
> the
> sender doesn't know, and the braindead admins who set up the filter think
> they've done their job. What is even more useless is when the message is
> bounced with instructions on how to get off their block list. You send an
> email to their admin, yet it is bounced!
>
> Spam filters are often worse then the spam problem itself.
>
> ---
> Aaron Cake
> Technical Services
> Advanced Computer Ideas
> Phone: 1-519-433-0279
> Fax:   1-519-433-5413

_________________________________________________________________
It's fast, it's easy and it's free. Get MSN Messenger today! 
http://www.msn.co.uk/messenger