Who ordered the scrambled brains?

Finally got around to setting up SpamAssassin on my email server (postfix). Currently, I’ve been relying on relaying my email through my ‘mikemcg@ucla.edu’ account (notice how I boldly plaster my email address on my website, easy pickin’s for the automated email address scrapers used by spammers) so that UCLA will flag the spam. But soon I plan on giving out ‘mike at scrambledbrains.net’ as my primary personal email address (and ‘michael.mcgranahan at ucla.edu’ as my professional email address — nice and clean, and effective separation of work and private, if I do say so myself, but I want to get No-IP’s Backup MX service first), so email will be going straight to my personal mail server. That means no more UCLA spam-scanning. Hence I set up SpamAssassin.

Anyway, in testing SpamAssassin, I found that by including a certain string in the body of your email, it will trigger the spam detector to score it 997 (normal spam scores around 10, and non-spam scores around 2). So I got to thinking, I wonder how many email readers honor the spam score (it’s stored in the message header by SpamAssassin before being delivered to your mailbox). If a lot of them do, then you could intentionally include that string to ensure that your email get’s marked as spam and might go unnoticed by the recipient. I can’t think of a specific example to take advantage of this, but you could probably use it to get out of binds. You send an email to get out of a hairy situation, and later on you can say, “What do you mean you didn’t know?! I emailed you! Maybe it’s in your junk mail folder, but that’s not my fault, I notified you in good faith!” [Grin — all the way to the bank.] Of course I’m being totally facetious but it’s interesting nonetheless. And now that string:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Just paste that into an email and if their email client honors spam scores, the message will end up in their junk folder. Send it as HTML and format the text color white so as not to arouse suspicion. And then take over the world!

Now to get that OpenLDAP server up and running so I can have a personal address book accessible from anywhere.

Follow me on Twitter for the latest updates, and make sure to check out my community opinion social networking project, Blocvox.