From: Peter J. H. <hj...@hj...> - 2003-04-21 19:48:36
|
On 2003-04-20 23:30:23 -0700, Sis wrote: > On Sun, 20 Apr 2003, Jordan Ritter wrote: >=20 > > On Sun, Apr 20, 2003 at 12:54:04PM -0400, Duncan Findlay wrote: > > > > # Many spmammers like to spamvertise sites that are entirely legit in > > # an attempt to discredit the company. (like spamcop.net) If we did > > # this, I would bet that spammers would start adding links to > > # http://www.spamassassin.org, and others. Too much abuse, I say. > > > > Yeah, at that point you'd need a way to rate the URLs, hm, maybe a > > community of people can make assertions for and against them, then > > group consensus be reached around what are SPAMmy urls and what > > aren't.. > > > > oh wait, yeah, that sounds familiar. ;-) >=20 > Yes. I see the joke, but that was really my point in the first place. > Razor doesn't rate the URLs, etc. from the content of the boy of the > e-mail. So why not a Razor-like community that does rate them? Why not use razor? Write a new filter type, which returns only the URLs from the mail (actually, you might restrict that to the last 2 or 3 components of the hostname to get rid of tracking numbers in the URL). Each URL is checked separately, just like the checksums for each part in a multipart MIME message are now.=20 For example, if the spam looks like this: <p>As seen on <a href=3D"http://www.cnn.com">national tv!</a> <p>Grow a <a href=3D"http://12345678.bignose.com">Bigger Nose!!!!</a> <p><a href=3D"http://we-spam.co.at/confirm?po...@vi...">Click here to unsubscribe</a> The URLs extracted will be: www.cnn.com cnn.com 12345678.bignose.com bignose.com we-spam.co.at co.at Of these www.cnn.com, cnn.com and co.at will also be in a lot of non-spam mails so they will be revoked pretty quickly. 12345678.bignose.com will be unique to this recipient, so it will basically be ignored. bignose.com and we-spam.co.at, however, identify the spammer. Since URLs need to clickable to be effective, they cannot be disguised (except via javascript tricks, and that in turn would be a good indication of a spam mail). I don't know how the trust system will react if almost every report will contain some signatures which are heavily contended and some which aren't, > I am not technically astute enough to just take the Razor code and > change it "slightly" so that it becomes a rating system of proposed URLs > and/or phrases found in the bodies of e-mails. Is there anyone willing to > make "Razor-for-internal-content" ? The server code isn't open source, so we can't change that. The client code should be easy enough to modify, and it would probably be possible to misuse one the existing filter types, but i think that would be a bad idea. If such a filter is added to razor, it should be added officially. hp --=20 _ | Peter J. Holzer | Latein ist das humanoide =C4quivalent |_|_) | Sysadmin WSR | zu Fortran. | | | hj...@hj... | __/ | http://www.hjp.at/ | -- Alexander Bartolich in at.linux |