Pete, I will take a look at the site. Thanx
Goran Jovanovic The LAN Shoppe > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Pete McNeil > Sent: Monday, July 26, 2004 10:07 PM > To: Kevin Bilbee > Subject: Re[2]: [Declude.JunkMail] What to do about spam getting through? > > I know I'm biased, but this is where Message Sniffer could probably help. > Rather than researching and tuning for this - if you submit it to our > spam@ address we will do all of that automatically, and usually we > will capture it. Submitting it to us is much cheaper than doing the > research yourself in most cases. There are still new things that get > past us, but not for long once we see them. > > Our actions usually cover 3, 4, and 5 from your list, including broad > heuristics for polymorphic domains and text patterns - such as those > from the big huge super clear dvd collection guy. I think we've got that > one down to a trickle now - even though they keep pumping out new > domains and using new zombies. > > _M > Pete McNeil (Madscientist) > President, MicroNeil Research Corporation > Chief Sortmonster, www.sortmonster.com > > On Monday, July 26, 2004, 8:36:13 PM, Kevin wrote: > > KB> Looks like you have a good handle on it. You need to look at > KB> all of these things and choose the ones that fit the particular > KB> spam campaign/spammer. > KB> > KB> Spam blocking takes a lot of fine tuning. > KB> > KB> > KB> Kevin Bilbee > > KB> -----Original Message----- > KB> From: [EMAIL PROTECTED] > KB> [mailto:[EMAIL PROTECTED] Behalf Of Goran > KB> Jovanovic > KB> Sent: Monday, July 26, 2004 5:27 PM > KB> To: [EMAIL PROTECTED] > KB> Subject: [Declude.JunkMail] What to do about spam getting through? > > > > > KB> This is perhaps a bit of a philosophical question as well as a > practical one. > > > KB> > > > KB> I have users sending me back mail that did not get trapped > KB> as SPAM which it obviously is. Now when I look it up some of > KB> this stuff scores really low (like 20 to 50% of the tag weight). > KB> It may not be on any blacklist, it may have minimal text (mostly > KB> downloaded pictures) and so I do not catch it. I see that I have > KB> a few options > > > KB> > > > KB> 1) Blacklist it by sender but that is probably mostly > KB> a waste of time since the sender gets spoofed and changes > > > KB> 2) Do nothing and hope that it appears on more DNS > KB> tests so that it will trip more test and then get caught (not a > KB> great option) > > > KB> 3) Consider blacklisting the IP but that may not be > KB> possible if it is a major e-mail server or may not be possible > KB> if it is a zombie > > > KB> 4) Look for specific words/phrases in the body, > KB> subject etc and try filtering on that > > > KB> 5) Something else, anything else?? > > > KB> > > > KB> It seems to me that these are my options and none of them > KB> seem really definitive. Now maybe I am looking for something > KB> that doesn’t exist but I thought I would ask here what others do. > > > KB> > > > KB> Any suggestions, thoughts etc would be appreciated. > > > KB> > > > KB> Thanx > > > KB> > > > > > > KB> > > > KB> Goran Jovanovic > > > KB> The LAN Shoppe > > > KB> > > > KB> > > > > > > > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.