precedence: bulk
Subject: Risks Digest 20.89x

RISKS-LIST: Risks-Forum Digest  Monday 29 May 2000  Volume 20 : Issue 89x

  FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/20.89x.html>
and by anonymous ftp at ftp.sri.com, cd risks .

 Contents:
Junk-mail filters: full version of excerpt in RISKS-20.89 (Gary Cattarin)
 [NOTE: ARCHIVE COPY ONLY; NOT DISTRIBUTED]

----------------------------------------------------------------------

Date: Fri, 19 May 2000 11:41:41 -0700
From: "Gary Cattarin" <[email protected]>
Subject: Junk-mail filters: full version of excerpt in RISKS-20.89

This I'm sure has been covered before, but here's an interesting example of
filters gone awry.

I recently upgraded (?) to MS Office 2000, which, among other things, lets
you have more than 8 email filters active at once.  In my glee I started
turning things on, including junk mail filtering.  Surprise!  I found 8-10
important messages - all replies to a query I sent out to a personal mailing
list - all dumped into the Junk Mail folder.

What was it?  I'm riding in a charity bicycle ride, and I needed to tell my
pledge-ees that I needed their money now.  So I sent them an email updating
my training status and asking them to send their checks.  Obviously, this
message had at least one dollar sign "$" in it - and because I'm an
excitable guy it had at least one multiple exclamation mark "!!", and since,
at the end, I chided my manager to make good on my exaggerated version of
his pledge:

       >> Mark, didn't you promise $5,000 or something like that?

...we also hit the magic phrase ",000".

Now, the fine folks in Redmond have determined that if these three elements
converge, you have received Spam.  The actual rule (from their web site) is:

   Body contains ",000" AND Body contains "!!" AND Body contains "$"

Who'd have guessed?  In fact, even looking at their filter list, it took me
a long time to figure out which rule I'd hit.  (OK, I'm slow sometimes.)

I guess the rule is (a) don't get too excited ! - one "!" at a time!  (b)
specify your currency as "USD", and (c) use European periods ("5.000")
instead of North American commas in large numbers.  OK, that's silly.  But
just as silly is the fact that any spammer can read the list of rules and
tailor their email to avoid them.

Of course, you might never read this, because if you have junk email
filtering turned on, Outlook will catch THIS message and do with it as
you've requested for junk mail.

Two other interesting points:

(1) In the adult filters you'll find these two:
   Subject contains " sex"
   Subject contains "free" AND Subject contains "sex"
The first is set up with a leading space to only accept the *word* "sex", so
those of us who live here in Middlesex county don't lose any local-related
mail.  But the writer of the second wasn't so careful - what if the
Middlesex News offers free subscriptions?  That's Spam, yes, but not porn (I
guess that's why that newspaper changed its name...).

(2) Don't address your dear friend as such - note the rule:
   Body contains "Dear friend"
My golly!  I can't send some good old-fashioned heartfelt feelings to my
dear friends!!  (oops, double "!!" - I got excited!)

This stuff can be very dangerous...

The entire list is at
http://officeupdate.microsoft.com/Articles/newfilters.htm - I've also
included it here but the editor may choose to cut it from the journal in the
interest of space.

   Junk E-mail Filter

   First 8 characters of From are digits
   Subject contains "advertisement"
   Body contains "money back "
   Body contains "cards accepted"
   Body contains "removal instructions"
   Body contains "extra income"
   Subject contains "!" AND Subject contains "$"
   Subject contains "!" AND Subject contains "free"
   Body contains ",000" AND Body contains "!!" AND Body contains "$"
   Body contains "Dear friend"
   Body contains "for free?"
   Body contains "for free!"
   Body contains "Guarantee" AND (Body contains "satisfaction" OR Body contains "absolute")
   Body contains "more info " AND Body contains "visit " AND Body contains "$"
   Body contains "SPECIAL PROMOTION"
   Body contains "one-time mail"
   Subject contains "$$"
   Body contains "$$$"
   Body contains "order today"
   Body contains "order now!"
   Body contains "money-back guarantee"
   Body contains "100% satisfied"
   To contains "friend@"
   To contains "public@"
   To contains "success@"
   From contains "sales@"
   From contains "success."
   From contains "success@"
   From contains "mail@"
   From contains "@public"
   From contains "@savvy"
   From contains "profits@"
   From contains "hello@"
   Body contains " mlm"
   Body contains "@mlm"
   Body contains "///////////////"
   Body contains "check or money order"

   Adult Content Filter

   Subject contains " xxx"
   Subject contains "over 18"
   Subject contains "over 21"
   Subject contains "adult s"
   Subject contains "adults only"
   Subject contains "be 18"
   Subject contains "18+"
   Body contains "over 18"
   Body contains "over 21"
   Body contains "must be 18"
   Body contains "adults only"
   Body contains "adult web"
   Body contains "must be 21"
   Body contains "adult en"
   Body contains "18+"
   Subject contains "erotic"
   Subject contains "adult en"
   Subject contains " sex"
   Body contains " xxx "
   Body contains " xxx!"
   Subject contains "free" AND Subject contains "adult"
   Subject contains "free" AND Subject contains "sex"

Gary Cattarin <[email protected]>
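
[Added example, not part of the original posting and not Microsoft's code: a small evaluator for four of the "contains" rules quoted above, which reports which rule a message hit and where each term matched. The case-insensitive matching and the three sample messages are assumptions constructed for illustration.]

```python
# Four rules quoted in the posting; the terms of each rule are ANDed together.
# Assumption: matching is case-insensitive (the posting does not say).
RULES = [
    ('Body contains ",000" AND Body contains "!!" AND Body contains "$"',
     [("body", ",000"), ("body", "!!"), ("body", "$")]),
    ('Body contains "Dear friend"', [("body", "Dear friend")]),
    ('Subject contains " sex"', [("subject", " sex")]),
    ('Subject contains "free" AND Subject contains "sex"',
     [("subject", "free"), ("subject", "sex")]),
]

def explain(message):
    """Map each matching rule to [(field, term, offset), ...] for its terms."""
    report = {}
    for text, terms in RULES:
        found = []
        for field, term in terms:
            pos = message.get(field, "").lower().find(term.lower())
            if pos < 0:
                break                      # one missing term: rule does not fire
            found.append((field, term, pos))
        else:
            report[text] = found           # every term present: rule fires
    return report

def matched_rules(message):
    """Return only the text of the rules that fired, in list order."""
    return list(explain(message))

# Constructed sample messages modelled on the situations in the posting.
PLEDGE = {"subject": "Ride update",
          "body": "Training is going great!! Please send your checks. "
                  "Mark, didn't you promise $5,000 or something like that?"}
LOCAL = {"subject": "Middlesex News offers free subscriptions",
         "body": "Details inside."}
COUNTY = {"subject": "Middlesex county road closures",
          "body": "See the attached schedule."}

if __name__ == "__main__":
    for name, msg in (("PLEDGE", PLEDGE), ("LOCAL", LOCAL), ("COUNTY", COUNTY)):
        hits = explain(msg)
        print(name, "-> junk" if hits else "-> inbox")
        for rule, terms in hits.items():
            print("   ", rule)
            for field, term, pos in terms:
                print(f"        {field}[{pos}] matched {term!r}")
```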

------------------------------

End of RISKS-FORUM Digest 20.89x
************************