[SpamCop-List] Re: Mail Daemon Spam - what is it?

[Mike Easter]

Marjolein Katsma wrote:
> Mike Easter
>> but we're talking about a major parser 'revamp' here, that
>> I don't think is likely to happen.  Not this year.
>
> This year has only just started. Just like nearly every spammer now
> uses random word or tags to fool conetnt and possible bayesian
> filters, pretty soon every spammer will make every spam look like a
> bounce - and that might well happen before this year has ended.

Correct - I predict no big SC upgrades this year 2004 -- not to say
there won't be considerable spammer improvements.

It wouldn't be at all surprising to me to see ongoing spam 'upgrades' -
so that a higher and higher percentage of spam can elude the current
content filters and a lower and lower percentage of spam would be
blocked by various blocklists, including spamcop's.  With the wealth of
available trojans out there and more coming 'online' and available all
of the time, the spammer can move 'elusive content' spam from source to
source faster than the SCbl can keep up.

The spammer can currently say, "Let me see, what do I want to avoid?"
and if it is spamcop, there's a method of doing that, as in our fake
bounce example.

Some spammers probably don't care whether they 'avoid' spamcop or not;
their sources are rotated so that the source isn't on the scbl, and
their payloads reference links whose providers are non-responsive to
spamcop notifies, or their payload reference links aren't even really
where the payload is, that is, what spamcop notifies isn't 'where it's
at'.

Spamcop reporting, all by itself, isn't actually very 'comprehensive'.
If you want to do some notifying, you already have to 'step outside' of
SC's limitations.  It's been that way a long time.

-- 
Mike Easter