Spammers are stupid

darobin on 2003-02-10T10:37:29

I don't know if it's an evil side in me, or just a tendency to want to "do things right", but when I look at some of the spams that Spam Assassin catches, I can't help thinking I'd do a much better job as a spammer, and then go on to imagine how I'd go about it.

Take for instance a message that got rated 15.00 (I kill at 5.00). Summing up the errors in the headers (invalid date, date in the future, invalid to, MIME error, poorly faked Outlook headers...) you already shave off 8.6 points, down to 6.4. Only 1.5 points to go and you're below my threshold.

So what's left? I won't touch on the points it got for "high spam content", but the addition of all points awarded for several click-belows and click-heres with caps gives 1.6 points. That brings us down to 4.8, and voilà, the message makes it to my inbox (where it'll live a split second before I give it the del).

That wasn't even difficult, all I had to do was run it through SA. I'm sure that if I applied myself to it I could create a spam with the same content that would rate circa 3.00, a very safe value considering I get perfectly solicited mail at around 4.5. By subscribing to the SA mailing list and becoming familiar with the code, I guess I could also exploit the negative points that SA sometimes gives a message. It's not like it'd be something that would require a highly trained programmer.

So if there's so much money in spam, why don't they hire competent people? As much as I'd like to believe that all smart people are also honest and wouldn't spam, I very much doubt it. Spammers really are stupid then...


Possibly....

Sifmole on 2003-02-10T12:47:51

I think one of the main attractors to Spamming as a business is the low barrier to entry. Once you start actually investing in quality programmers and researching how to get to that 2% (faked number) who actually run something like Spam Assassin -- the numbers don't add up any more and the profit margins become very thin. So you annoy the other 98% with a $10 script and move along.

Re:Possibly....

darobin on 2003-02-10T13:29:49

Yes, I considered that, but it's imho a bad move. I'd say your largest target base of people that are likely to fall into your trap are people that have a computer at work and aren't computer-savvy. And office networks are the most likely places to find Spam Assassin or some such spam-filtering software running on. Studies on porn usage and porn filtering would certainly tend to point in that direction.

Re:Possibly....

ziggy on 2003-02-10T14:49:10

I don't think the issue is hiring a good programmer to hit the right-hand side of the bell curve. Nor is it in hitting the fat belly of the bell curve (office workers where spam filtering is in use).

Spamming is about doing precision shooting with a Gatling gun from a moving vehicle without shock absorbers driving down a bumpy, hilly road. The target is always going to be the stupid people on the far left-hand side of the bell curve. Fire enough shots (or send enough spams), and eventually you'll find your target. The response rates are as low as they are because only a few poor saps will fall for the Nigerian email scam, not because the vast majority of the world is running spamassassin directly or by proxy.

Given that the goal of a spam message is to find the few idiots who actually fall for a spam message, the issue isn't about reducing spamassassin's antispam ratings. At least until those idiots are mostly using managed email services that incorporate spam filtering. Until that time, hiring a good programmer instead of a $25 spamming script is simply not economically worthwhile.

After all, you say that a few clueful (and presumably expensive) changes to a spam with a 15.0 rating would only get it past spamassassin, but would also be deleted as soon as it hits your mailbox. :-)

Re:Possibly....

darobin on 2003-02-10T14:59:21

I can see that yes. However, I might be selling a $50 or $100 spamming script if I can show how competing scripts perform when faced with SA. I might even build SA checking into it to help the user get past the barriers ;) It is usually a win, even in such a stupid industry, to be tech-savvy first. On planet pr0n, those that figured out content management and such things early are those that are still around. But then, I guess that just as there were five smart internet pr0n people in a sea of very stupid guys, there must be no more than five smart spammers today.

I must say I loved the metaphor :-)

They're not all dumb

petdance on 2003-02-10T17:34:53

I'm getting a lot of spam past SA that is clearly intended to bypass it. I'm sure there's more than one spammer with SA installed that plays with it. I get things like:
Fre e viagra # doesn't match "free"
Gratis passwords! # Not even close to free
M0rtgage quotes
etc etc etc
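
Added example, not part of petdance's post or of SpamAssassin: a filter-side sketch of why the samples above slip past whole-word keyword matching, and how folding character substitutions and inserted gaps recovers two of the three. The keyword list, substitution table and function names are assumptions made for illustration.

```python
import re

# Constructed keyword list for illustration; not SpamAssassin's rule set.
KEYWORDS = ("free", "viagra", "mortgage")

# Digit/symbol-for-letter substitutions (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# The three subject lines quoted in the post above.
SAMPLES = ("Fre e viagra", "Gratis passwords!", "M0rtgage quotes")


def naive_hits(subject):
    """Whole-word keyword match: the kind of check the samples evade."""
    words = set(re.findall(r"[a-z]+", subject.lower()))
    return sorted(k for k in KEYWORDS if k in words)


def folded_hits(subject):
    """Fold substitutions, then match keywords allowing gaps inside a word."""
    text = subject.lower().translate(LEET)
    hits = []
    for keyword in KEYWORDS:
        # e.g. f[\W_]*r[\W_]*e[\W_]*e tolerates spaces or punctuation
        # inserted between letters; the lookarounds keep the match from
        # starting or ending in the middle of a longer word.
        gap_tolerant = r"[\W_]*".join(map(re.escape, keyword))
        pattern = r"(?<![a-z])" + gap_tolerant + r"(?![a-z])"
        if re.search(pattern, text):
            hits.append(keyword)
    return sorted(hits)


if __name__ == "__main__":
    for subject in SAMPLES:
        print(f"{subject!r}: naive={naive_hits(subject)} "
              f"folded={folded_hits(subject)}")
```

The "Gratis" sample is untouched by folding because it is a synonym rather than an obfuscation, so character-level normalization cannot address that case.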

Re:They're not all dumb

darobin on 2003-02-10T17:48:18

That's interesting, I get none of that. The only spam messages (out of ~200/day) that get through SA are some that are really small and don't accumulate enough points even though they are 100% spam. None of that would beat a Bayesian filter though I guess.