Results 1 to 7 of 7

Thread: Spam Idea: aliases to the training address

  1. #1
    Baylink is offline Elite Member
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    6

    Default Spam Idea: aliases to the training address

    I just had a flash.

    In another thread somewhere today, I asked about training the spam system by feeding it lots of spam that ended up in mailboxes that were never advertised in my domain, but were for valid local users (I shared the machine with a group that used it for Samba storage).

    So what about this idea? Pick non-used names for mailboxes in your domain that are likely targets for dictionary attacks, and alias them onto the spam training account.

    Instant free spam training.

    If you commercialize the idea, I want a free license. :-)
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Good idea, and one that some people already use, but remember the downside in that your bayes could also be poisoned as you are not controlling what information is being trained.

  3. #3
    Baylink is offline Elite Member
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    6

    Default

    Well, ok, but if I have 38k messages in a mailbox -- and I know they're all spam, because the email address was never valid, what would I filter for to avoid poisoning, and much more to the point... *how*?
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Are you sure that every email is a SPAM ? What happens if somebody has typed in a email address incorrectly by accident

  5. #5
    Baylink is offline Elite Member
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    6

    Default

    I am absolutely sure, yes. That domain had *two* active mailboxes on it, "jra" and "asp"; I'm sure you'll agree that neither of those looks remotely like a dictionary attack target.

    This idea might not be suitable for everyone, but I think it will probably work for me.
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

  6. #6
    brained is offline Loyal Member
    Join Date
    Dec 2005
    Posts
    94
    Rep Power
    9

    Default

    Hide bogus email addresses in your web site (White text on White background, etc). Use random characters for the actual addresses. Set these addresses as the aliases for your spam account.

    Poof!

    No more harvester spam.

  7. #7
    Baylink is offline Elite Member
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    6

    Default

    Is it possible to set such addresses as aliases on the spam training account, as I infer, or won't that work?
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Trying to understand Zimbra's anti-spam system
    By TaskMaster in forum Users
    Replies: 11
    Last Post: 01-25-2008, 09:59 AM
  2. Deleted spam training accounts by fault
    By karmek in forum Administrators
    Replies: 6
    Last Post: 07-13-2007, 05:05 AM
  3. How to check if spam training is working?
    By tbovingdon in forum Administrators
    Replies: 1
    Last Post: 03-13-2007, 05:57 AM
  4. Training spam and ham
    By Justin in forum Developers
    Replies: 2
    Last Post: 10-31-2006, 03:39 PM
  5. Spam training has no cron job
    By richard-hdd in forum Administrators
    Replies: 3
    Last Post: 09-13-2006, 11:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •