Spamkiller spam filter help

Here’s another weapon in the war against spam. In the last year I’ve started receiving a lot of spam that Spamkiller hasn’t been able to filter. These spams look like garbage when viewed in Spamkiller. I’ll see garbage like this in the body of the message: DQoNCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIgQ09OVEV…

Well, what the spammers are doing is encoding the messages in Base 64. Outlook knows how to decode Base 64 but Spamkiller doesn’t.

Here’s how I set up filters to stop this type of spam. I used this very helpful site to encode a couple bits of text into Base 64 and then I stuck those encoded bits into Spamkiller’s killfile.

More specifically, I encoded some very popular strings, like “a href=http://” and made those into Spamkiller filters. So, in this example, if the email isn’t in my don’t-kill file, it’s HTML based, encoded in Base 64, and has a hyperlink, Spamkiller will kill the message. This system is case-sensitive so I had to add a bunch more filters to cover other combinations of cases…

Regular Expression for a href="http://
a href="http:// converts to YSBocmVmPSJodHRwOi8v
href="http: converts to IGhyZWY9Imh0dHA6L
href="http:/ converts to aHJlZj0iaHR0cDovL

Regular Expression for A HREF="http://
A HREF="http:// converts to QSBIUkVGPSJodHRwOi8v
HREF="http: converts to IEhSRUY9Imh0dHA6L
HREF="http:/ converts to SFJFRj0iaHR0cDovL

Regular Expression for a href=http://
a href=http: converts to YSBocmVmPWh0dHA6L
href=http:/ converts to IGhyZWY9aHR0cDovL
href=http:// converts to aHJlZj1odHRwOi8v

Regular Expression for A HREF=http://
A HREF=http: converts to QSBIUkVGPWh0dHA6L
HREF=http:/ converts to IEhSRUY9aHR0cDovL
HREF=http:// converts to SFJFRj1odHRwOi8v

So, in case it’s not clear, I went into Spamkiller and, using the Advanced… button, I created 12 Message Text Filters that look like the photo on the right.
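Why each string needs three filters: Base 64 packs 3 bytes into 4 characters, so the same text encodes differently depending on where it starts within a 3-byte group. The following is an added example, not part of the original post or of Spamkiller; it generalizes the hand-made list above by computing the alignment-independent fragments for any string, and the function names and sample message are constructed for illustration.

```python
import base64

def b64_fragments(needle: bytes) -> list[str]:
    """Base64 substrings that must appear whenever `needle` occurs in the
    plaintext, one per alignment (offset 0, 1 or 2 within a 3-byte group)."""
    if len(needle) < 4:
        raise ValueError("needle too short: a fragment would be empty or match almost anything")
    frags = []
    for offset in range(3):
        enc = base64.b64encode(b"\x00" * offset + needle).decode("ascii")
        # Leading characters that also carry bits of the unknown preceding bytes.
        lead = (0, 2, 3)[offset]
        # Trailing '=' padding plus the one character that would also carry
        # bits of whatever byte follows the needle in a real message.
        trail = (0, 3, 2)[(offset + len(needle)) % 3]
        frags.append(enc[lead:len(enc) - trail])
    return frags

def body_matches(b64_body: str, needle: bytes) -> bool:
    """True if the still-encoded body contains `needle` at any alignment."""
    # MIME wraps base64 at 76 columns; a fragment can straddle a line break,
    # so remove all whitespace before searching.
    flat = "".join(b64_body.split())
    return any(frag in flat for frag in b64_fragments(needle))

NEEDLE = b'a href="http://'

def sample_body(pad: int, link: bool = True) -> str:
    """Constructed sample: base64 HTML body; `pad` leading spaces shift alignment."""
    anchor = b'<a href="http://example.invalid/">offer</a>' if link else b"hello"
    html = (b" " * pad + b"<html><body><p>Constructed sample message</p>"
            + anchor + b"</body></html>")
    return base64.encodebytes(html).decode("ascii")

if __name__ == "__main__":
    print(b64_fragments(NEEDLE))
    for pad in range(3):
        print("pad", pad, "->", body_matches(sample_body(pad), NEEDLE))
    print("no link ->", body_matches(sample_body(0, link=False), NEEDLE))
```

A filter that can only do literal text matching still needs one rule per fragment and per letter-case variant, and it will miss a fragment that is split across a wrapped line unless the filter ignores line breaks.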

Of course, the war will continue to escalate. There are other obfuscation techniques that this technique doesn’t prevent.

I still believe that the best way to stop spam is to legislate it away. This worked with spam faxes and it can work with spam email.

Joy.

Trying to set up an scp server on my Windows 2000 machine is reminding me why I got out of using Linux. People are ecstatic about writing supercharged, amazing tools that can help you conquer the world, but they don’t ever bother to tell you where the frigging “start” button is!!
