@LINKED - Chop out the ccTLDs and only leave the gTLDs (over 200 lines saved). You can also shorten all of the IP w/@ strings to just two numbers (10 through 99, be sure to include 10 and remove the dots), which would save another 150 lines or so. That would leave this filter with fewer than 150 BODY strings instead of over 500. It would be a little more prone to FPs when you shorten the number strings, I would think, but I haven't tested that.
IPLINKED - Shorten all of the IP w/@ strings to just two numbers (10 through 99, be sure to include 10 and remove the dots), which would save about 150 lines and make the file only about 100 BODY strings instead of about 250 in the original format. Same issues with FPs as before, as it can pick up domain names that begin with two numbers.
Both modifications should save you about 2/3 of the processing required of the full files and only moderately impact their capabilities.
Matt
John Tolmachoff (Lists) wrote:
The problem with body filters is the big performance hit the server takes in high-volume setups.
Comments?
John Tolmachoff Engineer/Consultant/Owner eServices For You
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Thursday, November 20, 2003 4:44 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] @LINKED & IPLINKED v1.0.2 - Great for scam detection
Considering Kami's latest find and the general need to protect our customers from this type of thing which is even worse than a virus to the unknown, I have packed up two filters that I have been testing out for a while with very good results. These things target eBay, PayPal and credit card fraud very effectively. These filters are definitely of the 'must have' variety (Declude JunkMail Pro required).
@LINKED searches for either: a character followed by "@" followed by "www."; a TLD followed by "@"; or "@" followed by an IP address. It will score 3 points for the first combination and 8 points for the second and third types of combinations (this is conservative scoring based on a fail weight of 10). Note that it can increment a score with successive hits for the latter two combinations. I haven't had time to separate this stuff out into multiple files for a configuration with less chance of causing problems (though this is fairly well foolproof as is, with no problems noticed yet, but it will happen eventually; MAXPOINTS would fix the issue when it comes).
IPLINKED searches for either "http://" followed by an IP address. This is recommended only at a score of 3 because it could compound with FP issues from the above filter, and it will have issues with Web hosters and designers passing around pre-DNS enabled links. I've seen a few legit automated mailers hit on this due to the designer missing a link update from development, or maybe they just made quick use of a particular server for some reason. It's very useful and highly indicative of spam of course.
I don't have pages for them up yet, so instead they will appear linked on my site from the main Declude Filters page until I get around to putting something up.
MailPure :: Filter Software :: Declude Filters http://www.mailpure.com/software/decludefilters/
Enjoy as always,
Matt
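The matching and scoring discussed in this thread, as an added example that is not part of the original messages and is not the MailPure filter files: Python regexes stand in for the BODY strings (this is not Declude's filter syntax), and the shortened two-digit variants are run next to the full-IP patterns to show the false-positive trade-off. The gTLD subset, the once-only scoring of the 3-point rules, the `max_points` cap and the sample bodies are constructed assumptions.

```python
import re

# Added illustration; not Declude filter syntax and not the MailPure files.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
GTLD = r"(?:com|net|org|info|biz)"  # assumed subset, gTLDs only

# (name, points, score every hit?, pattern); points as quoted in the thread.
LINKED = [
    ("char@www.", 3, False, re.compile(r"\S@www\.", re.I)),
    ("tld@", 8, True, re.compile(r"\." + GTLD + "@", re.I)),
    ("@ip", 8, True, re.compile("@" + IP)),
]
IPLINKED = [("http://ip", 3, False, re.compile("http://" + IP, re.I))]

# Shortened variants from the reply: two digits, 10 through 99, no dots.
LINKED_SHORT = LINKED[:2] + [("@NN", 8, True, re.compile(r"@[1-9]\d"))]
IPLINKED_SHORT = [("http://NN", 3, False, re.compile(r"http://[1-9]\d", re.I))]


def score(body, rules, max_points=None):
    """Return (points, names of rules that hit) for one message body."""
    total, hits = 0, []
    for name, points, repeat, pattern in rules:
        count = len(pattern.findall(body))
        if count:
            total += points * (count if repeat else 1)
            hits.append(name)
    if max_points is not None:
        total = min(total, max_points)  # cap on compounding hits
    return total, hits


# Constructed sample bodies (documentation IP ranges, reserved .example TLD).
PHISH = "Verify your account: http://www.paypal.com@192.0.2.10/login"
RAW_IP = "Update your card at http://198.51.100.7/ebay/"
LEGIT = "Our sale is live at http://24hourshop.example/deals"
TWO_HITS = "first a@192.0.2.1 then b@192.0.2.2"

if __name__ == "__main__":
    for label, body in [("phish", PHISH), ("raw ip", RAW_IP), ("legit", LEGIT)]:
        print(label, "@LINKED", score(body, LINKED),
              "IPLINKED", score(body, IPLINKED),
              "IPLINKED short", score(body, IPLINKED_SHORT))
    print("uncapped", score(TWO_HITS, LINKED),
          "capped", score(TWO_HITS, LINKED, max_points=10))
```

The constructed `LEGIT` body scores 0 against the full IPLINKED pattern but 3 against the shortened one, because its hostname begins with two digits.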