# A new form of spam attack on Bayes Filter based spam filters

## jkcunningham

I've been running parallel spam filters as an experiment for some time. I have procmail split my incoming mail into two paths: one goes through bogofilter, the other through SpamAssassin. I am accumulating the Neyman-Pearson statistics (false-alarm, false-negative, hit, and miss rates).

For some time now I've been noticing an increasing number of spam making it through which is of this form:

 *Quote:*   

> ameliorate burglarproof activation radical methodic chauffeur bilateral cutworm lund retrogress adrift acquitting bryant surfactant sutton scriptural vide wolves aeronautic honorific
> 
> The ultimate digital cable filter
> 
> The filter will allow you to receive all the channels that you order with your remove control!
> ...

 

And that's all there is to it. Here's another one:

 *Quote:*   

> relfgsqm rabbit-hole went straight on like a tunnel for some way, and then dipped suddenly down, so zvmzg Alice had not a moment to think about stopping herself she found pqazpqkgbf down a very dark wwnir.
> 
> Did you know that the normal c0st for V1AGRA is $25, per dose?
> 
> kvrquop itgysyeno rvdxayhceb nloikcd fpeejydwl
> ...

 

I couldn't figure out what the purpose of these was at first. They have no contact information, no links of any kind. Just a seemingly random collection of words, phrases and gibberish.

I just figured it out. What they are attempting to do is flood the Bayes filters with mail which will skew the statistics used to assess spam. They are - in effect - raising the noise floor point by point so that they will eventually become far less effective.

It's really very clever, and shows a certain mathematical sophistication on the part of some spammers (or the people selling them a pipeline). I'm not sure how effective it will be in the end, but I have noticed an increase in the miss rates for both filters. And now that Bill G. is entering the spam filter market with their product (which is no doubt Bayes filter based), the incentive becomes even greater on the part of the spammers to devise methods like this.

We're in an arms war, people. Time to get clever again....

-Jeff

----------
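Added example, not part of the original posts: a toy Bayesian token filter in Python (not bogofilter's or SpamAssassin's code; the corpora and all class and function names are constructed here). It shows the two effects described in the first post: padding with ordinary words pulls a pitch under a 0.9 spam threshold, and training such messages as spam raises the score of held-out legitimate mail. `ham_drift` is one way to check a training batch for that skew before accepting it.

```python
import copy
import math
from collections import Counter

class TokenFilter:  # toy filter, constructed for this example
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.msgs[label] += 1
        self.counts[label].update(set(text.lower().split()))

    def odds(self, tok):
        # Smoothed ratio of the token's per-message frequency in spam vs. ham.
        s = (self.counts["spam"][tok] + 1) / (self.msgs["spam"] + 2)
        h = (self.counts["ham"][tok] + 1) / (self.msgs["ham"] + 2)
        return s / h

    def score(self, text):
        # Naive Bayes with equal priors: multiply token odds, map to P(spam).
        o = math.prod(self.odds(t) for t in set(text.lower().split()))
        return o / (1 + o)

def ham_drift(flt, batch, holdout):
    """Rise in mean held-out ham score if `batch` were trained as spam."""
    trial = copy.deepcopy(flt)  # leave the live filter untouched
    for msg in batch:
        trial.train(msg, "spam")
    mean = lambda f: sum(map(f.score, holdout)) / len(holdout)
    return mean(trial) - mean(flt)

# Constructed sample corpora (not real mail).
HAM = ["meeting notes attached for the project review", "please review the attached budget report",
       "lunch on friday after the project meeting", "the report is attached see notes"]
SPAM = ["cheap pills buy now limited offer", "buy cheap cable filter now",
        "limited offer cheap pills now", "order pills now cheap offer"]
SALAD = ["project review meeting budget cheap pills now", "friday lunch notes report buy cable filter",
         "meeting project attached review limited offer", "report budget friday meeting order pills"]
HOLDOUT = ["project review meeting friday"]  # legitimate mail kept out of training

def build():
    flt = TokenFilter()
    for label, corpus in (("ham", HAM), ("spam", SPAM)):
        for msg in corpus:
            flt.train(msg, label)
    return flt

if __name__ == "__main__":
    f = build()
    print(f.score("cheap pills now"), f.score(SALAD[0]), ham_drift(f, SALAD, HOLDOUT))
```

A batch of plain spam drives the held-out ham score down, while the padded batch drives it up, so a positive drift is the signal to hold a batch back for review.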

## nephros

Yes, I get these too.

They started approximately at the time the term "Bayesian" had hit the slashdot frontpage for the third time.

 *jkcunningham wrote:*   

> We're in an arms war, people. Time to get clever again....
> 
> -Jeff

 

Yes, but filtering at the receiving end never helped fight spamming, it just hid the fact that there is a war.

----------

## SpinDizzy

 *nephros wrote:*   

> Yes, but filtering at the receiving end never helped fight spamming, it just hid the fact that there is a war.

 

That is like saying locking your car and installing an alarm never helped fight car theft, it just hid the fact that there were cars being stolen. 

If filtering had no effect on spammers, they would make no effort to bypass it.

Just as car alarm manufacturers are locked in an arms race with car thieves, spam filter developers are locked in with the spam developers.

In an ideal world all spammers would be caught and prosecuted, as would all car thieves...

----------

