
Is it possible to fool SG like this? (OldForumCopy)

Posted: Sun Aug 31, 2003 12:01 am
by miniscus
By: nobody ( Nobody/Anonymous )
Is it possible to fool SG like this?
2003-05-07 00:54


Saying: There's an imaginary user with the address: fuckoff.5.johndoe@spamgourmet.com

Knowing that it is a Spamgourmet address and aware of how the system works, I could send him mail after mail by using the addresses:
yourself.20.johndoe@spamgourmet.com
a.20.johndoe@spamgourmet.com
b.20.johndoe@spamgourmet.com
c.20.johndoe@spamgourmet.com
and so on.

It should be easy to write a script for my - imaginary - spam-machine, that creates on every opportunity a legal prefix for "johndoe@spamgourmet.com";

Right?

Countermeasures?


Yours

Kleinalrik


By: maratheamit ( Amit Marathe )
RE: Is it possible to fool SG like this?
2003-05-07 13:16


Look at the watch and prefix features in advanced mode. While they are not perfect, using them will give you much better protection against a dictionary attack like the one above.

-- Amit


By: nobody ( Nobody/Anonymous )
RE: Is it possible to fool SG like this?
2003-05-10 06:


Irritating John Doe might not be a very good idea.
He might be technically savvy. And he might decide to track you down.

Most spammers have to provide a way to order. John Doe might attack the ordering mechanism.

Spammers can't take people to court since they could be served papers there. Some states provide for damages for UCE. sam@amsolinc.com owes me $400 or more.

- spamGourmet_forum.sourceforge.2.jim2710 ... ourmet.com

(To really send me a note, change sourceforge to your name.)

Posted: Mon Sep 01, 2003 6:59 pm
by Guest
Well, it's possible to fool the SG system even with the watch and prefix features.
Example:
Filter: only emails with the words pig and john

You send an address john_thebig_piggy.3.username@spamgourmet.com

So the addresses
1john_thebig_piggy.3.username@spamgourmet.com,
5john_thebig_piggy.3.username@spamgourmet.com,
1john_thebig_piggy8.3.username@spamgourmet.com,
0john_thebig_piggy.3.username@spamgourmet.com,
funkythings1john_thebig_piggy.3.usernam ... ourmet.com,
it5john_thebig_piggyilike.3.username@spamgourmet.com,
wack1john_thebig_piggy8dsae.3.username@spamgourmet.com,
and a lot of examples more will work, because all of them have "pig" and "john"

Posted: Mon Sep 01, 2003 7:02 pm
by Guest
And with the prefix thing, just add letters and numbers too: if the address has 3 parameters (myself.0.user), add them to the 1st, and if it has 4 (prefix.myself.0.user), add them to the 2nd.

Posted: Tue Sep 02, 2003 7:23 pm
by Guest
That's when you change your watchwords to something different to keep _new_ addresses without the _new_ watchwords from being created.

Posted: Tue Sep 02, 2003 11:04 pm
by Guest
First, in 3 years, there've been probably less than 10 messages that were sent to addresses that the user didn't fabricate, so relax...

Watchwords use regex matching, so if you have:

^myword

then 1myword.3.user@spamgourmet.com won't work, since you've specified that myword must come at the beginning. Similarly, if you use:

^my.*word$

then my1word, my3deword will work, but 1my2word and my3f3word3 will not, and so forth.

Posted: Tue Sep 09, 2003 5:16 pm
by Guest
Would it be too difficult to have the SG server only allow email addresses that were initially created by the owner of the SG mailbox?

i.e. yourself.20.johndoe@spamgourmet.com would only be valid if an email was sent from the registered email address to the "new" address.

This would mean that you would simply have to send one email to create an email address. This would prevent someone from abusing the SG concept. I realize that this is currently not an issue, however, if the ability to create new addresses were restricted to the inbox owner it would be an improvement.

Posted: Tue Sep 09, 2003 6:09 pm
by SysKoll
Anonymous wrote: Would it be too difficult to have the SG server only allow email addresses that were initially created by the owner of the SG mailbox?


Actually, if you just put a watchword to something very specific, nobody will be able to guess it and you'll effectively prevent creation of new addresses.

Posted: Tue Sep 16, 2003 2:16 pm
by DrStrabismus
I don't see anywhere on the site where it says that watch-words are regular expressions.

It sounds like quite a powerful feature, something like

[adu]..[dpw].*[sda]

would be hard to infer even for a human reader.


Are there any other undocumented features?

Posted: Tue Sep 16, 2003 2:28 pm
by josh
There aren't any undocumented *intended* features - the regex matching is a side effect of the way the code does watchword matching:


Code:
sub containsOne {
  my $stuff = shift;
  my @words = @_;
  my $word;
  my $matches = 0;
  foreach $word (@words) {
    if ($stuff =~ /$word/i) {
      $matches = 1;
    }
  }
  return $matches;
}


The words aren't "regex-escaped", which could be considered a bug, but tends to work to everyone's advantage instead. The reason it's not mentioned on the site is because I have a hard enough time explaining spamgourmet itself repeatedly -- I've always doubted my ability to explain regex to the same folks :)

Another undocumented feature is that you can extend the life of an address indefinitely by adding the address itself as "exclusive sender" - since the code matches both the from: and the to: address against it (to account for mailing lists that are always to: the same address), this has the effect of making any message addressed to the address (but not CC or BCC) be passed through as if it were from the exclusive sender. This was unintentional and is not documented because it defeats the "deadman switch" that keeps the site from getting overloaded.
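
Added example, not spamgourmet's code: a Perl sketch of how the unescaped interpolation in containsOne makes the watchwords from this thread behave as regexes, next to a literal variant that escapes them with \Q...\E. The sub names, the assumption that only the word part of the address is matched, and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration; sub names and sample data are hypothetical.
use strict;
use warnings;

# Same behaviour as containsOne above: each watchword is interpolated as a
# regex. The eval keeps a watchword that is not a valid pattern (e.g. "[abc")
# from killing the process; it simply counts as "no match".
sub matches_as_regex {
    my ($stuff, @words) = @_;
    for my $word (@words) {
        my $hit = eval { $stuff =~ /$word/i };
        return 1 if $hit;
    }
    return 0;
}

# Literal variant: \Q...\E escapes metacharacters, so "^myword" is searched
# for as those seven characters and anchors no longer restrict anything.
sub matches_as_literal {
    my ($stuff, @words) = @_;
    for my $word (@words) {
        return 1 if $stuff =~ /\Q$word\E/i;
    }
    return 0;
}

# Constructed sample: word parts and watchwords taken from the thread.
# Assumption: only the word part of the address is matched.
my @cases = (
    [ 'myword',              '^myword'             ],
    [ '1myword',             '^myword'             ],
    [ 'my1word',             '^my.*word$'          ],
    [ 'my3f3word3',          '^my.*word$'          ],
    [ '1john_thebig_piggy8', 'pig'                 ],
    [ 'audpwxs',             '[adu]..[dpw].*[sda]' ],
    [ 'anything',            '[abc'                ],  # invalid as a regex
);

printf "%-22s %-22s %-6s %s\n", 'word', 'watchword', 'regex', 'literal';
for my $c (@cases) {
    my ($stuff, $word) = @$c;
    printf "%-22s %-22s %-6s %s\n", $stuff, $word,
        matches_as_regex($stuff, $word)   ? 'match' : 'no',
        matches_as_literal($stuff, $word) ? 'match' : 'no';
}
```

An unanchored watchword such as pig matches anywhere in the word, which is why the padded addresses earlier in the thread are accepted; the anchored patterns reject them only in the regex column.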

Posted: Mon Sep 22, 2003 3:37 pm
by Guest
josh wrote: Another undocumented feature is that you can extend the life of an address indefinitely by adding the address itself as "exclusive sender" - since the code matches both the from: and the to: address against it (to account for mailing lists that are always to: the same address), this has the effect of making any message addressed to the address (but not CC or BCC) be passed through as if it were from the exclusive sender. This was unintentional and is not documented because it defeats the "deadman switch" that keeps the site from getting overloaded.


Though it doesn't seem to work when your address is in the "to" field with other recipients. I wonder if putting in a .* regex on either side of the address would help?

Ben

Posted: Sat Oct 18, 2003 9:50 am
by Aaron
This whole idea of using regexp for watchwords gives me an idea for using them on the usenet.....

I have some evidence that shows that some "clever" spambots actually strip off certain words used to munge emails, e.g. Spam, remove.

A way around the problem would be to make Spam a watch word!

Posted: Sat Oct 18, 2003 1:36 pm
by anon
A way around the problem would be to make Spam a watch word!


that's pretty good :D