FYI, I am using Sniffer on top of everything else. John Tolmachoff Engineer/Consultant/Owner eServices For You
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Goran Jovanovic > Sent: Tuesday, July 27, 2004 10:30 AM > To: [EMAIL PROTECTED] > Subject: RE: Re[2]: [Declude.JunkMail] What to do about spam getting through? > > Pete, > > I will take a look at the site. Thanx > > > > Goran Jovanovic > The LAN Shoppe > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > [EMAIL PROTECTED] On Behalf Of Pete McNeil > > Sent: Monday, July 26, 2004 10:07 PM > > To: Kevin Bilbee > > Subject: Re[2]: [Declude.JunkMail] What to do about spam getting through? > > > > I know I'm biased, but this is where Message Sniffer could probably help. > > Rather than researching and tuning for this - if you submit it to our > > spam@ address we will do all of that automatically, and usually we > > will capture it. Submitting it to us is much cheaper than doing the > > research yourself in most cases. There are still new things that get > > past us, but not for long once we see them. > > > > Our actions usually cover 3, 4, and 5 from your list, including broad > > heuristics for polymorphic domains and text patterns - such as those > > from the big huge super clear dvd collection guy. I think we've got that > > one down to a trickle now - even though they keep pumping out new > > domains and using new zombies. > > > > _M > > Pete McNeil (Madscientist) > > President, MicroNeil Research Corporation > > Chief Sortmonster, www.sortmonster.com > > > > On Monday, July 26, 2004, 8:36:13 PM, Kevin wrote: > > > > KB> Looks like you have a good handle on it. You need to look at > > KB> all of these things and choose the ones that fit the particular > > KB> spam campaign/spammer. > > KB> > > KB> Spam blocking takes a lot of fine tuning. > > KB> > > KB> > > KB> Kevin Bilbee > > > > KB> -----Original Message----- > > KB> From: [EMAIL PROTECTED] > > KB> [mailto:[EMAIL PROTECTED] Behalf Of Goran > > KB> Jovanovic > > KB> Sent: Monday, July 26, 2004 5:27 PM > > KB> To: [EMAIL PROTECTED] > > KB> Subject: [Declude.JunkMail] What to do about spam getting through? > > > > > > > > > > KB> This is perhaps a bit of a philosophical question as well as a > > practical one. > > > > > > KB> > > > > > > KB> I have users sending me back mail that did not get trapped > > KB> as SPAM which it obviously is. Now when I look it up some of > > KB> this stuff scores really low (like 20 to 50% of the tag weight). > > KB> It may not be on any blacklist, it may have minimal text (mostly > > KB> downloaded pictures) and so I do not catch it. I see that I have > > KB> a few options > > > > > > KB> > > > > > > KB> 1)������ Blacklist it by sender but that is probably mostly > > KB> a waste of time since the sender gets spoofed and changes > > > > > > KB> 2)������ Do nothing and hope that it appears on more DNS > > KB> tests so that it will trip more test and then get caught (not a > > KB> great option) > > > > > > KB> 3)������ Consider blacklisting the IP but that may not be > > KB> possible if it is a major e-mail server or may not be possible > > KB> if it is a zombie > > > > > > KB> 4)������ Look for specific words/phrases in the body, > > KB> subject etc and try filtering on that > > > > > > KB> 5)������ Something else, anything else?? > > > > > > KB> > > > > > > KB> It seems to me that these are my options and none of them > > KB> seem really definitive. Now maybe I am looking for something > > KB> that doesn�t exist but I thought I would ask here what others do. > > > > > > KB> > > > > > > KB> Any suggestions, thoughts etc would be appreciated. > > > > > > KB> > > > > > > KB> Thanx > > > > > > KB> > > > > > > > > > > > > KB> > > > > > > KB> �����Goran Jovanovic > > > > > > KB> ���� The LAN Shoppe > > > > > > KB> > > > > > > KB> > > > > > > > > > > > > > > > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
