Gossamer Forum
Home : General : Chit Chat :

A question about SPAM

Quote Reply
A question about SPAM
I get a lot of spam. Almost 100% of the spam I get contains links to sites and images. I've noticed several trends in spam:

1. A majority of them use nonsense tags to break up text in an attempt to foil email filters (example below).

<sparingly>SP</sparingly><winter>AM</winter> results in "SPAM" (when HTML view is enabled).

2. Many contain links such as this one I just got:
<a href="http://destine@www.10cialagenius.biz/default6.htm">

3. Many contain hidden input tags with a long string of characters (I assume to indentify someone/something):
<input type="hidden" value="agaejlfjafljja ljfafjkj">

I can't think of any legitimate use for any of the above things I mentioned. Can you?

I tried to set Microsoft Outlook up to filter and delete items based on the above, but Outlook either doesn't look for items in the <html></html> section of the body of an email, or it doesn't understand "contains" (pattern matching). Such as Example (ample in Example).

So... I was hacking this sample script I that came with "Perl for Dummies" and wondered if it would be good as a SPAM filter.

Code:
$Name = 'yourUserName';
$Pass = 'yourPassWord';
$Serv = 'mail.yourDomain.com';

use Mail::POP3Client;
$Client = new Mail::POP3Client($Name, $Pass, $Serv);
$TheState = $Client->State;
if($TheState eq 'AUTHORIZATION')
{ die "Bad user name or password.\n" }
elsif($TheState eq 'DEAD')
{ die "Mail server unreachable or unavailable.\n" }

# Find out how many messages there are
$NumMsg = $Client->Count;

#Loop through the messages (starting at 1)
for($i = 1; $i<=$NumMsg; $i +=1) {

$Body = $Client->Body($i);
if ($Body =~ /(input|\@www.)/) {
$Client->Delete($i);
&ProcessReport($Body);
last;
}

}
# Close the connection so the delete happens
$Client->Close;

sub ProcessReport {
my($Report) = pop(@_);
# Do something here that is processing the report
print "deleted 1 or more emails";
return;
}

As you can see here I'm filtering on "input" and "@www."

This seems to work, but I haven't tested it thoroughly and I don't know enough about Perl to know if this is good code or sloppy code.

My thoughts are to have an icon on my desktop that would launch this script then have it execute Outlook when done. Not sure though.

Any comments, ideas?

I guess I could sign up for somekind of Spam Killer account or software - but that wouldn't be any fun.
Quote Reply
Re: [Watts] A question about SPAM In reply to
Hmm, a better perl script to catch spam would be:

Code:
my $sa = Mail::SpamAssassin->new;
my $status = $sa->check_message($email);
if ($status->get_hits >= 5) {
# This is spam.
}
else {
# Nope!
}

=). Your number 2 example reminds me, there is a recent ie exploit that allows you to use that style of URL to hide what domain you are on:

http://www.zapthedingbat.com/security/ex01/vun1.htm

I imagine there will be even more paypal/aol/ebay credit card scams now.

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] A question about SPAM In reply to
What does this line do? "if ($status->get_hits >= 5) {" -- Meaning the "5". I'll check out the sa package. Sounds cool.

BTW I tweaked the code if anyone is interested, so that it loops properly and gives an accurate count. I've also come to the conclusion that anything from a ".biz" domain is going to be spam.

Code:
$Name = 'yourUserName';
$Pass = 'yourPassWord';
$Serv = 'mail.yourDomain.com';


use Mail::POP3Client;
$Client = new Mail::POP3Client($Name, $Pass, $Serv);
$TheState = $Client->State;
if($TheState eq 'AUTHORIZATION')
{ die "Bad user name or password.\n" }
elsif($TheState eq 'DEAD')
{ die "Mail server unreachable or unavailable.\n" }

# Find out how many messages there are
$NumMsg = $Client->Count;

#Loop through the messages (starting at 1)
for($i = 1; $i<=$NumMsg; $i +=1) {

$Body = $Client->Body($i);

foreach ($Body =~ /(type\=hidden|type\=\"hidden\"|\@www.|\/cable\|Best Bargains|.biz|\%RANDOM|myonlinespecials)/) {

$Client->Delete($i);
last;
}
}

$Client->Close;
print "deleted $NumMsg email(s)\n";
sleep(3);

I created a shortcut on my desktop "C:\bin\perl\perl.exe popcheck.pl" and this morning with just the "@.www" filter alone it caught 30 emails before they hit my inbox.
Quote Reply
Re: [Watts] A question about SPAM In reply to
Quote:
if ($status->get_hits >= 5) {

Spam Assassin looks for traces of spam using different methods and so each trace found using a specific method (eg is the subject ALL CAPS?) increments the hits - so anything around 5 or more is probably spam. Sometimes valid emails can get one or two hits.

I think that's what it does anyway Cool

Last edited by:

Coombes: Dec 15, 2003, 7:55 AM
Quote Reply
Re: [Coombes] A question about SPAM In reply to
Thanks! I figured it be something like that but wasn't sure... I'll ppm it later today and check it out.