Re: Is predictable spam filtering a vulnerability?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 18 June 2004 6:05 pm, Andrew Hunter wrote:
> Filtering certain works is also bad aswell eg "penis", "viagra".
> It can easyly be evoided:
> Email "Free penis enlargement pills" - Would be filterd
> Email "Free pen is enlargement pills" - Wouldn't be filtered
>
> So in order to be effective it has to look for variations on the works
> For example "penis" it could look for "P E N I S", "peni$" etc...
It's not all that hard to make a better filter with regex. The following would
catch everything you suggested.
'p.?[eé].?n.?[|ííiil1].?[s$]'
It would also catch p.e.n.i.s and p e-ni-s, etc.
Yes, it's possible that it would stop "Your pen is in your top drawer". I
whitelist the people I know. They never see the filter.
After administering a bunch of Mailman lists, I had to automate or spend hours
thumbing through the reject list. Now, I can automatically kill 95+% of the
messages on hold that are spam and look through what's left. List members
never see the filter as long as they post in plain text. (I hold for mime
headers, too)
- --
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA1Pl3WMqSOYd58pwRAgdeAJ49xwYqnqE3gxEklgrqWS9BujvTNgCfYL/4
omWs39lqrDefqfCrvQ9Ykyk=
=geC0
-----END PGP SIGNATURE-----