Spamihilator

[JMThomas]

What fields does AlphabetSoup look at?

In particular, does it look at the to:, and/or from:, and/or subject:, as well as the message body?

PS: Thanks Boris. This filter gets the most hits after the DCC filter!

[Quellcore]

Hallo JMThomas!

Sorry,

it's me again, your worst nightmare

You won't get an answer from Boris, he hasn't been around in ages:
memberlist.php?mode=viewprofile&u=46
His last Post is from 2005, answers or updates are very unlikely.

We could try to do some reverse engineering if it's that important for you.
Can u upload an email that got classified as Spam by the Alphasoup filter and attach it to a post?
Please scramble your emailadress when you do that.


Regards,
Quellcore

[JMThomas]

Hi Quellcore!

Nah... No nightmares, just good dreams!

Did Boris leave you the source? If so, I'll eyeball it if you will let me. Otherwise, I'd rather you spend your time on the base product.

Best Regards,
JMThomas

PS: I wouldn't mind seeing the Charset source too, if available.

[Quellcore]

Hello JMThomas!

Nah, no sources.
I'm also not the programmer of Spami or any of the plugins, just a user.
Testing Spam-Mails by running them through Spami is quite easy, thanks to another nifty tool from Boris:


I would have tried to find a character pattern from one of your mails that the alphasoup detects and then would have migrated that pattern into different mails into different parts of the mail.

Example:

• "abcdefg" gets detected by the alphasoup
• make several different versions of the original spammail:
  
• "abcdefg" in header field "to"
• "abcdefg" in header field "from"
• "abcdefg" in header field "subject"
• "abcdefg" in body

feed those mails to Spami by running it through the virtual Pop3-Server

That's what i meant by "reverse engineering"
Testing should be very quick for me since everything is set up, just need an example what pattern would trigger the alphasoup filter.
If you could provide me one that would help me a lot.


Right now my guess would be that the filter scans the body and maybe also the subject, that's it.


Regards,
Quellcore

[Quellcore]

Hallo JMThomas!

Differnet approach to answer:
he AlphabetSoup Filter plug-in tagged an e-mail as spam which is an e-mail that I wrote. It is a tech support request so it has dates, usernames, has "Doh!" and "Duh!" (slap my head, slap their head, for stupid mistakes by each), it is a reply so it has the From with e-mail addresses of the sender, member IDs (numeric), but doesn't have much of what I'd call alphabet soup (series of words composed of random characters). The most garbled words would be the e-mail addresses (since words are not use for the usernames) but then this plug-in should be ignoring e-mail addresses, anyway.

What language is this plug-in based? How many words of random characters does it take to get an e-mail tagged as spam (there is no configuration of this plug-in)? What is the minimal word length (since obviously many abbreviations are 3 to 4 characters long)? The plug-in is just a blackbox with no configuration, no documentation, and no way to know why it decided to tag an e-mail as spam (the Reason field in the Recycle Bin is blank).

[Quellcore]

Hello JMThomas!

I'd still be happy to test which fields it checks, i just need an example for a pattern that does get recognized by the filter.

I generated different mails with the AlphabetSoup-String "1a2b3c4d5e6f" in different Header-Fields and the Body, but this string obviously makes it through the filter so i would appreciate any hint what pattern would get recognized by this filter.


Regards
Quellcore

[Quellcore]

Hello JMThomas!

I got it, finally the string "1a2b3c4d5e6f7g8h9i10j11k" did the trick.

Now the very surprising result:
This filter seems to scan the subject field only, all my other test mails with the same string in different header fields and in the body went through unclassified.

Regards,
Quellcore

P.S. I wanted to upload a Screenshot of the training area with the result when i realized that this feature is missing in this subfourm, strange.

[Quellcore]

Hello JMThomas!

Attachments work now in this subforum, here is the screenshot:

AlphabetSoup-Test.png (18.46 KiB) 13401-mal betrachtet

[Chactory]

ust in case anybody thinks i'm crazy because i keep talking to myself, YOU'RE WRONG

Hello JMThomas!

It's me again!
I couldn't really believe the outcome of my tests that this filter only scans the subject so i startet to dig a little deeper.

These are the results:

Can not read coded SUBJECT like UTF-8
As a result pretty much every mail with a coded subject will get classified as Spam if only the subject and therefore the coded AlphabetSoup is long enough.
This Subject would trigger Spam recognition because it only sees the AlphabetSoup including "ISO..." and not the decoded SUBJECT.
?ISO-8859-1?B?S2VpbiBTcGFzcyBpbSBCZXR0IG1laHI/?=