This particular attack uses common English words and relies on an implementation detail of POPFile: the fact that POPFile counts the number of times a word appears in an email. That detail is a little different from most spam filters that might consider a restricted range of hammy or spammy words. However, the attack described by POPFile user Olivier Guillion probably would work. On the other hand, I don't think we're likely to see it in the field primarily because it only affects POPFile and not other spam filters.
During the discussion I mentioned a number of papers that I thought Olivier should read concerning attacks on Bayesian filters. I then realized that they are not necessarily easily available. So, for the sake of everyone being able to read up quickly on this areas, here's a quick bibliography:
- Graham, 2002: Will filters kill spam?
- Graham-Cumming, Spam Conference at MIT, 2004: How to beat an adaptive spam filter
- Wittel and Wu, Conference on Email and Spam, 2004: On attacking statistical spam filters
- Stern, Mason and Shepherd, 2004: A linguistics based attack on personalised statistical email classifiers
- Lowd and Meek, Conference on Email and Spam, 2005: Good word attacks on statistical spam filters
- Graham-Cumming, Virus Bulletin Magazine, February 2006: Does Bayesian Poisoning exist? [cached]
Any I've missed?