Pete,
I will take a look at the site. Thanx
Goran Jovanovic
The LAN Shoppe
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Monday, July 26, 2004 10:07 PM
> To: Kevin Bilbee
> Subject: Re[2]: [Declude.JunkMail] What to do about spam getting through?
>
> I know I'm biased, but this is where Message Sniffer could probably help.
> Rather than researching and tuning for this - if you submit it to our
> spam@ address we will do all of that automatically, and usually we
> will capture it. Submitting it to us is much cheaper than doing the
> research yourself in most cases. There are still new things that get
> past us, but not for long once we see them.
>
> Our actions usually cover 3, 4, and 5 from your list, including broad
> heuristics for polymorphic domains and text patterns - such as those
> from the big huge super clear dvd collection guy. I think we've got that
> one down to a trickle now - even though they keep pumping out new
> domains and using new zombies.
>
> _M
> Pete McNeil (Madscientist)
> President, MicroNeil Research Corporation
> Chief Sortmonster, www.sortmonster.com
>
> On Monday, July 26, 2004, 8:36:13 PM, Kevin wrote:
>
> KB> Looks like you have a good handle on it. You need to look at
> KB> all of these things and choose the ones that fit the particular
> KB> spam campaign/spammer.
> KB>
> KB> Spam blocking takes a lot of fine tuning.
> KB>
> KB>
> KB> Kevin Bilbee
>
> KB> -----Original Message-----
> KB> From: [EMAIL PROTECTED]
> KB> [mailto:[EMAIL PROTECTED] Behalf Of Goran
> KB> Jovanovic
> KB> Sent: Monday, July 26, 2004 5:27 PM
> KB> To: [EMAIL PROTECTED]
> KB> Subject: [Declude.JunkMail] What to do about spam getting through?
>
>
>
>
> KB> This is perhaps a bit of a philosophical question as well as a
> practical one.
>
>
> KB>
>
>
> KB> I have users sending me back mail that did not get trapped
> KB> as SPAM which it obviously is. Now when I look it up some of
> KB> this stuff scores really low (like 20 to 50% of the tag weight).
> KB> It may not be on any blacklist, it may have minimal text (mostly
> KB> downloaded pictures) and so I do not catch it. I see that I have
> KB> a few options
>
>
> KB>
>
>
> KB> 1)������ Blacklist it by sender but that is probably mostly
> KB> a waste of time since the sender gets spoofed and changes
>
>
> KB> 2)������ Do nothing and hope that it appears on more DNS
> KB> tests so that it will trip more test and then get caught (not a
> KB> great option)
>
>
> KB> 3)������ Consider blacklisting the IP but that may not be
> KB> possible if it is a major e-mail server or may not be possible
> KB> if it is a zombie
>
>
> KB> 4)������ Look for specific words/phrases in the body,
> KB> subject etc and try filtering on that
>
>
> KB> 5)������ Something else, anything else??
>
>
> KB>
>
>
> KB> It seems to me that these are my options and none of them
> KB> seem really definitive. Now maybe I am looking for something
> KB> that doesn�t exist but I thought I would ask here what others do.
>
>
> KB>
>
>
> KB> Any suggestions, thoughts etc would be appreciated.
>
>
> KB>
>
>
> KB> Thanx
>
>
> KB>
>
>
>
>
>
> KB>
>
>
> KB> �����Goran Jovanovic
>
>
> KB> ���� The LAN Shoppe
>
>
> KB>
>
>
> KB>
>
>
>
>
>
>
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
