Is it possible to fool SG like this? (OldForumCopy)


Postby miniscus » Sun Aug 31, 2003 12:01 am

By: nobody ( Nobody/Anonymous )
Is it possible to fool SG like this?
2003-05-07 00:54


Saying: There's an imaginary user with the address: fuckoff.5.johndoe@spamgourmet.com

Knowing that it is a Spamgourmet address and aware of how the system works, I could send him mail after mail by using the addresses:
yourself.20.johndoe@spamgourmet.com
a.20.johndoe@spamgourmet.com
b.20.johndoe@spamgourmet.com
c.20.johndoe@spamgourmet.com
and so on.

It should be easy to write a script for my - imaginary - spam-machine, that creates on every opportunity a legal prefix for "johndoe@spamgourmet.com";

Right?

Countermeasures?


Yours

Kleinalrik


By: maratheamit ( Amit Marathe )
RE: Is it possible to fool SG like this?
2003-05-07 13:16


Look at the watch and prefix features in advanced mode. While they are not perfect, using them will give you much better protection against a dictionary attack like the one above.

-- Amit


By: nobody ( Nobody/Anonymous )
RE: Is it possible to fool SG like this?
2003-05-10 06:


Irritating John Doe might not be a very good idea.
He might be technically savvy. And he might decide to track you down.

Most spammers have to provide a way to order. John Doe might attack the ordering mechanism.

Spammers can't take people to court since they could be served papers there. Some states provide for damages for UCE. sam@amsolinc.com owes me $400 or more.

- spamGourmet_forum.sourceforge.2.jim2710 ... ourmet.com

(To really send me a note, change sourceforge to your name.)
miniscus
 
Posts: 48
Joined: Thu Aug 28, 2003 10:05 pm
Location: Wiesbaden, Germany

Postby Guest » Mon Sep 01, 2003 6:59 pm

Well, it's possible to fool the SG system even with the watch and prefix features.
Example:
Filter: only emails with the words pig and john

You send an address john_thebig_piggy.3.username@spamgourmet.com

So the addresses
1john_thebig_piggy.3.username@spamgourmet.com,
5john_thebig_piggy.3.username@spamgourmet.com,
1john_thebig_piggy8.3.username@spamgourmet.com,
0john_thebig_piggy.3.username@spamgourmet.com,
funkythings1john_thebig_piggy.3.usernam ... ourmet.com,
it5john_thebig_piggyilike.3.username@spamgourmet.com,
wack1john_thebig_piggy8dsae.3.username@spamgourmet.com,
and a lot of examples more will work, because all of them have "pig" and "john"
Guest
 

Postby Guest » Mon Sep 01, 2003 7:02 pm

And with the prefix thing, just adding letters and numbers to, if the address has 3 parameters (myself.0.user), adding them to the 1st, and if it has 4 (prefix.myself.0.user), adding them to the 2nd
Guest
 

Postby Guest » Tue Sep 02, 2003 7:23 pm

That's when you change your watchwords to something different to keep _new_ addresses without the _new_ watchwords from being created.
Guest
 

Postby Guest » Tue Sep 02, 2003 11:04 pm

First, in 3 years, there've been probably less than 10 messages that were sent to addresses that the user didn't fabricate, so relax...

Watchwords use regex matching, so if you have:

^myword

then 1myword.3.user@spamgourmet.com won't work, since you've specified that myword must come at the beginning. Similarly, if you use:

^my.*word$

then my1word, my3deword will work, but 1my2word and my3f3word3 will not, and so forth.
Guest
 

Postby Guest » Tue Sep 09, 2003 5:16 pm

Would it be too difficult to have the SG server only allow email addresses that were initially created by the owner of the SG mailbox?

i.e. yourself.20.johndoe@spamgourmet.com would only be valid if an email was sent from the registered email address to the "new" address.

This would mean that you would simply have to send one email to create an email address. This would prevent someone from abusing the SG concept. I realize that this is currently not an issue, however, if the ability to create new addresses were restricted to the inbox owner it would be an improvement.
Guest
 

Postby SysKoll » Tue Sep 09, 2003 6:09 pm

Anonymous wrote: Would it be too difficult to have the SG server only allow email addresses that were initially created by the owner of the SG mailbox?


Actually, if you just put a watchword to something very specific, nobody will be able to guess it and you'll effectively prevent creation of new addresses.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby DrStrabismus » Tue Sep 16, 2003 2:16 pm

I don't see anywhere on the site where it says that watch-words are regular expressions.

It sounds like quite a powerful feature, something like

[adu]..[dpw].*[sda]

would be hard to infer even for a human reader.


Are there any other undocumented features?
DrStrabismus
 
Posts: 3
Joined: Tue Sep 16, 2003 1:23 pm

Postby josh » Tue Sep 16, 2003 2:28 pm

There aren't any undocumented *intended* features - the regex matching is a side effect of the way the code does watchword matching:


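# Returns 1 if $stuff matches at least one of the watchwords, else 0.
sub containsOne {
  my $stuff = shift;
  my @words = @_;
  my $word;
  my $matches = 0;
  foreach $word (@words) {
    # $word is interpolated unescaped, so it is treated as a regex
    if ($stuff =~ /$word/i) {
      $matches = 1;
    }
  }
  return $matches;
}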


The words aren't "regex-escaped", which could be considered a bug, but tends to work to everyone's advantage instead. The reason it's not mentioned on the site is because I have a hard enough time explaining spamgourmet itself repeatedly -- I've always doubted my ability to explain regex to the same folks :)

Another undocumented feature is that you can extend the life of an address indefinitely by adding the address itself as "exclusive sender" - since the code matches both the from: and the to: address against it (to account for mailing lists that are always to: the same address), this has the effect of making any message addressed to the address (but not CC or BCC) be passed through as if it were from the exclusive sender. This was unintentional and is not documented because it defeats the "deadman switch" that keeps the site from getting overloaded.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm
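
Added example, not part of the original thread and not spamgourmet's own code: the unescaped matching from containsOne above next to a hypothetical escaped variant, run over watchwords and address words quoted in this thread. It assumes the string being tested is the word part of the address; the sub names, the guards for empty and malformed watchwords, and the test cases are constructed for illustration.

```perl
use strict;
use warnings;

# Same test as containsOne above: each watchword is interpolated as a regex.
sub contains_one_regex {
    my ($stuff, @words) = @_;
    for my $word (@words) {
        next unless length $word;   # an empty pattern would reuse the last successful regex
        # eval: a watchword that is not a valid pattern counts as no match
        return 1 if eval { $stuff =~ /$word/i };
    }
    return 0;
}

# Hypothetical escaped variant (not spamgourmet code): \Q..\E quotes
# metacharacters, so the watchword is only ever a literal substring.
sub contains_one_literal {
    my ($stuff, @words) = @_;
    for my $word (@words) {
        next unless length $word;
        return 1 if $stuff =~ /\Q$word\E/i;
    }
    return 0;
}

# Constructed cases built from the patterns and words quoted in this thread:
# [ watchword list, word part of the address ]
my @cases = (
    [ ['^myword'],     'myword' ],
    [ ['^myword'],     '1myword' ],
    [ ['^my.*word$'],  'my3deword' ],
    [ ['^my.*word$'],  'my3f3word3' ],
    [ ['pig', 'john'], 'funkythings1john_thebig_piggy' ],
    [ ['[adu'],        'adapters' ],   # malformed pattern
);

printf "%-14s %-32s %-6s %s\n", 'watchwords', 'word', 'regex', 'literal';
for my $case (@cases) {
    my ($words, $stuff) = @$case;
    printf "%-14s %-32s %-6d %d\n", join(',', @$words), $stuff,
        contains_one_regex($stuff, @$words),
        contains_one_literal($stuff, @$words);
}
```

The anchored watchwords only restrict matching in the regex column; with escaping they become literal text that no address word contains, while an unanchored word such as pig accepts any padded address in both columns.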

Postby Guest » Mon Sep 22, 2003 3:37 pm

josh wrote: Another undocumented feature is that you can extend the life of an address indefinitely by adding the address itself as "exclusive sender" - since the code matches both the from: and the to: address against it (to account for mailing lists that are always to: the same address), this has the effect of making any message addressed to the address (but not CC or BCC) be passed through as if it were from the exclusive sender. This was unintentional and is not documented because it defeats the "deadman switch" that keeps the site from getting overloaded.


Though it doesn't seem to work when your address is in the "to" field with other recipients. I wonder if putting in a .* regex on either side of the address would help?

Ben
Guest
 

Postby Aaron » Sat Oct 18, 2003 9:50 am

This whole idea of using regexp for watchwords gives me an idea for using them on Usenet...

I have some evidence that shows that some "clever" spambots actually strip off certain words used to munge emails, e.g. Spam, remove.

A way around the problem would be to make Spam a watch word!
Aaron
 

Postby anon » Sat Oct 18, 2003 1:36 pm

A way around the problem would be to make Spam a watch word!


that's pretty good :D
anon
 

