[nycbug-talk] Spam probes

Hans Zaunere hans
Sat Nov 13 15:39:31 EST 2004


> > http://nyphp.org and put your mouse at the very bottom in the left
> > corner (just below the XHTML,CSS text) you'll see there's a hidden email
> > address.
> 
> Thanks for the pointer.
> Did a "view source" and copy/paste your mailto with white background. :-)

No problem... once you generate an email address, it should also spit out
some sample HTML you can use.

> > This points to http://spamsync.net where you can generate random email
> > address to embed in pages for probing
> 
> I just made 3 email addresses.. a general one for mail related spam,
> another to put on the web page and a third to bounce spams from other
> accounts.

Nice... but I only see one new email address created?

> > The plan for this system was similar to that of pyzor, where I would be
> > adding analysis of the type of spam that's in the wild, but I never got
> > around to finishing it.
> 
> You mean you designed spamsync?

Yeah - started as a project I wanted to work with back in the spring,
but never got to finish it up.

> So far I am not sure pyzor is for me. I like the idea, but the fact that
> there is a central server and there doesn't seem to be a distributed
> system worries me.
> 
> > If anyone wants to help, feel free :)
> 
> How does it work though?

It's very simple.  The goal is to have a system that detects the "state
of spam" and what's out in the wild.  It does this by having people
generate "syncs" which are embedded into various web pages/emails/etc
around the internet.

As the spam spiders crawl these places, they pick up these addresses,
and begin spamming them.  By storing and analyzing real spam, an
extremely current and accurate set of spam detection rules could be
implemented.

Just like a repository of blacklisted IPs and domains is kept for open
relay, spamsync is a repository of the actual spam, and is kept for
matching against.

While a character to character match of emails to spam wouldn't make
that much sense (since they are sometimes randomly generated) a loose
match would work.  That is, it would make catching spam much more
efficient and accurate, since you have something to compare it against,
i.e., real spam that's been caught out in the wild.


---
Hans Zaunere
President, Founder
New York PHP
http://www.nyphp.org
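
The "loose match" against a repository of trapped spam described in the message above, sketched as an added example that is not part of the original post or of spamsync's code. It assumes word-shingle Jaccard similarity as the matching method; the names `TrapCorpus`, `shingles`, `jaccard`, the 0.5 threshold and all sample messages are constructed for illustration.

```python
import re

# Constructed sample messages standing in for mail caught by trap addresses.
TRAPPED = [
    "You have won the lottery, send your bank details to claim the prize now",
    "Cheap replica watches shipped worldwide, order today and save 80% ref qzx81",
]

def shingles(body, k=3):
    """Set of k-word shingles from a body with digits/punctuation stripped."""
    words = re.sub(r"[^a-z\s]+", " ", body.lower()).split()
    if not words:
        return set()
    return {" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def jaccard(a, b):
    """Overlap of two shingle sets, 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if a and b else 0.0

class TrapCorpus:
    """Repository of trapped spam that incoming mail is loosely matched against."""

    def __init__(self, threshold=0.5):  # threshold is an assumed cut-off
        self.threshold = threshold
        self.samples = []

    def add(self, body):
        self.samples.append(shingles(body))

    def best_match(self, body):
        """Return (score, index) of the closest trapped sample, or (0.0, None)."""
        probe = shingles(body)
        scored = [(jaccard(probe, s), i) for i, s in enumerate(self.samples)]
        best = max(scored, default=(0.0, None))
        return best if best[0] > 0 else (0.0, None)

    def is_spam(self, body):
        return self.best_match(body)[0] >= self.threshold

if __name__ == "__main__":
    corpus = TrapCorpus()
    for sample in TRAPPED:
        corpus.add(sample)
    variant = "Cheap replica watches shipped worldwide, order today and save 75% ref mmk27"
    print(corpus.best_match(variant), corpus.is_spam(variant))
```

Stripping digits and punctuation before shingling is what lets a message with a changed percentage and a different random trailing token still score high against the trapped copy, where an exact comparison would miss it.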









