[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread Pi-Web - Frank Jensen


We are using sniffer and free tools: yasu (URLBL) and RBLCHECK (DNSBL).
URLBL does catch some that sniffer doesn't. URLBL I think has as low false
rate as sniffer - but it does not catch as many as sniffer. DNSBL also
(mainly spamcop), but with much more false than sniffer. We have added
an IP whitelist for DNSBL to lower the false rate.

We used to run "spam assassin", but the above config has much lower false
and uses much less cpu.



Frank:

Thanks for your input.  There are definitely things leaking through that 
wouldn't have leaked through before.  We've held off hoping for a 
production release but it may not be practical much longer.  On that 
note, for anyone else in the same position, we tested adding InvURIBL 
from Invariant Systems. It's not a sniffer replacement but definitely 
caught a lot of what sniffer currently lets through for the very valid 
reasons Pete has covered.  The only thing missing seemed to be a white 
list so that you could white list legitimate publications that might 
contain links to 'offensive' sites.  That can probably be tuned out thru 
weighting however we'd hoped not to be re-inventing the wheel for a 
short term solution.


Eric

- Original Message - From: "Pi-Web - Frank Jensen" 
<[EMAIL PROTECTED]>

To: "Message Sniffer Community" 
Sent: Thursday, December 20, 2007 1:17 PM
Subject: [sniffer] Re: Excessive amounts of spam




We have been running it for - I guess - 2 months now without any trouble.



How stable is the beta version?

 Regards David Moore
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

J.P. MCP, MCSE, MCSE + INTERNET, CNE.
www.adsldirect.com.au <http://www.adsldirect.com.au/> for ADSL and 
Internet www.romtech.com.au <http://www.romtech.com.au/> for PC sales


Office Phone: (+612) 9453 1990
Fax Phone: (+612) 9453 1880
Mobile Phone: +614 18 282 648
Skype Phone: ADSLDIRECT

POSTAL ADDRESS:
PO BOX 190
BELROSE NSW 2085
AUSTRALIA.

-

This email message is only intended for the addressee(s) and contains 
information that may be confidential, legally privileged and/or 
copyright. If you are not the intended recipient please notify the 
sender by reply email and immediately delete this email. Use, 
disclosure or reproduction of this email, or taking any action in 
reliance on its contents by anyone other than the intended 
recipient(s) is strictly prohibited. No representation is made that 
this email or any attachments are free of viruses. Virus scanning is 
recommended and is the responsibility of the recipient.


-

 *From:* Message Sniffer Community [mailto:[EMAIL PROTECTED] 
*On Behalf Of *Pete McNeil

*Sent:* Friday, 21 December 2007 8:10 AM
*To:* Message Sniffer Community
*Subject:* [sniffer] Re: Excessive amounts of spam

 Hello David,

 Thursday, December 20, 2007, 3:25:45 PM, you wrote:








> If you are not yet running the latest beta then that might help
> quite a bit since the GBUdb (IP reputation system) does a good job
> capturing new spam from old bots even before rules are coded.

Please clarify: are you saying it would help if we had the beta
installed?


 Yes. The new GBUdb engine reduces leakage quite a bit. As more 
systems adopt the new version this will improve even more. Most new 
spam campaigns are started with some large fraction of existing bots. 
Messages from bots that have already been identified will be blocked 
even before new content rules can be generated (if needed). _M


 --
Pete McNeil

Chief Scientist,

Arm Research Labs, LLC.

#

 This message is sent to you because you are subscribed to

 the mailing list .

 To unsubscribe, E-mail to: <[EMAIL PROTECTED]>

 To switch to the DIGEST mode, E-mail to 
<[EMAIL PROTECTED]>


 To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>

 Send administrative queries to  <[EMAIL PROTECTED]>





--
Regards, Frank Jensen
[EMAIL PROTECTED]
www.pi.dk



Impressive, fascinating and huge
Posters, e.g. 149 x 149 = 629 kr
We can also make a poster from your digital photo

www.plakatkunst.dk




[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread John T (lists)
Yes.
John T


> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of David Moore
> Sent: Thursday, December 20, 2007 2:24 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: Excessive amounts of spam
> 
> We are using MxGuard, Sniffer, InvURIBL combo on Imail will the beta sniffer
> still fit with this combination without issues?
> 

[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread John T (lists)
I have not noticed any increase on FPs on the one server that is running it.

John T
> -Original Message-
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
> Sent: Thursday, December 20, 2007 1:29 PM
> To: Message Sniffer Community
> Subject: [sniffer] Re: Excessive amounts of spam
> 
> I've heard comments that it has a higher catch rate... how about FP rate?
> Higher, the same, or lower?
> 
> Darin.
> 
> 

[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread David Moore
We are using MxGuard, Sniffer, InvURIBL combo on Imail will the beta sniffer
still fit with this combination without issues?

Regards David Moore
[EMAIL PROTECTED]


[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread E. H. (Eric) Fletcher

Frank:

Thanks for your input.  There are definitely things leaking through that 
wouldn't have leaked through before.  We've held off hoping for a production 
release but it may not be practical much longer.  On that note, for anyone 
else in the same position, we tested adding InvURIBL from Invariant Systems. 
It's not a sniffer replacement but definitely caught a lot of what sniffer 
currently lets through for the very valid reasons Pete has covered.  The 
only thing missing seemed to be a white list so that you could white list 
legitimate publications that might contain links to 'offensive' sites.  That 
can probably be tuned out thru weighting however we'd hoped not to be 
re-inventing the wheel for a short term solution.


Eric
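
Added example, not part of the original posts and not code from any of the products named: the IP whitelist Frank describes placed in front of a DNSBL test, and the publication whitelist Eric asks for placed in front of a URIBL test, with the two results combined by weights. The zone names, addresses, weights, threshold and the dictionary standing in for the DNS resolver are all constructed for illustration.

```python
import ipaddress
import re

# Everything below is constructed sample data (documentation IP ranges, .example names).
DNSBL_ZONE = "dnsbl.example"
URIBL_ZONE = "uribl.example"
FAKE_DNS = {                        # stands in for the resolver: query name -> A record
    "7.113.0.203.dnsbl.example": "127.0.0.2",    # an address listed as a spam source
    "5.2.0.192.dnsbl.example": "127.0.0.2",      # a customer's mail server, listed in error
    "pills.example.uribl.example": "127.0.0.2",  # a domain advertised in spam
}
IP_WHITELIST = [ipaddress.ip_network("192.0.2.0/28")]   # known-good senders
PUBLICATION_WHITELIST = {"newsletter.example"}          # sender domains allowed to link anywhere
WEIGHTS = {"DNSBL": 4, "URIBL": 6}                      # assumed per-test weights
HOLD_AT = 6                                             # assumed hold threshold


def listed(name, dns=FAKE_DNS):
    """A blocklist hit is an A record in 127.0.0.0/8; no record means not listed."""
    answer = dns.get(name)
    return answer is not None and answer.startswith("127.")


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name: the IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def linked_hosts(body):
    """Host names of the http(s) links found in the message body."""
    hosts = re.findall(r"https?://([A-Za-z0-9.-]+)", body)
    return sorted({h.lower().rstrip(".") for h in hosts})


def evaluate(client_ip, sender, body, dns=FAKE_DNS):
    """Return (score, fired_tests, skipped_tests) for one message."""
    fired, skipped = [], []
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in IP_WHITELIST):
        skipped.append("DNSBL")          # the whitelist wins before any lookup is made
    elif listed(dnsbl_name(client_ip), dns):
        fired.append("DNSBL")
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain in PUBLICATION_WHITELIST:
        skipped.append("URIBL")          # a publication may link to listed sites
    elif any(listed(f"{host}.{URIBL_ZONE}", dns) for host in linked_hosts(body)):
        fired.append("URIBL")
    score = sum(WEIGHTS[test] for test in fired)
    return score, fired, skipped


def verdict(score):
    """A DNSBL hit alone (4) stays under the threshold; a URIBL hit (6) reaches it."""
    return "hold" if score >= HOLD_AT else "deliver"
```

A whitelist keyed on the sender domain trusts a value the sender controls, so it is usually paired with the publication's sending IP.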




[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread Darin Cox
I've heard comments that it has a higher catch rate... how about FP rate? 
Higher, the same, or lower?

Darin.


- Original Message - 
From: "Pi-Web - Frank Jensen" <[EMAIL PROTECTED]>
To: "Message Sniffer Community" 
Sent: Thursday, December 20, 2007 4:17 PM
Subject: [sniffer] Re: Excessive amounts of spam



We have been running it for - I guess - 2 months now without any trouble.


> How stable is the beta version?
>
>
>



[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread Pi-Web - Frank Jensen


We have been running it for - I guess - 2 months now without any trouble.



How stable is the beta version?

 





[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread David Moore
How stable is the beta version?

 

Regards David Moore
[EMAIL PROTECTED]

 
 


[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread Pete McNeil




Hello David,

Thursday, December 20, 2007, 3:25:45 PM, you wrote:




> > If you are not yet running the latest beta then that might help quite a bit since the GBUdb (IP reputation system) does a good job capturing new spam from old bots even before rules are coded.
>
> Please clarify: are you saying it would help if we had the beta installed?





Yes. 

The new GBUdb engine reduces leakage quite a bit. As more systems adopt the new version this will improve even more. Most new spam campaigns are started with some large fraction of existing bots. Messages from bots that have already been identified will be blocked even before new content rules can be generated (if needed). 

_M




-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
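
Added example, not part of the original message and not Message Sniffer or GBUdb code: a simplified sketch of the idea described above, where content-rule hits build a per-IP record and that record then blocks a new campaign from the same bots before any rule for it exists. The counters, thresholds, rule text and addresses are assumptions made for illustration.

```python
from collections import defaultdict

MIN_EVENTS = 5    # assumed: messages seen before a record is trusted
BAD_RATIO = 0.9   # assumed: share of rule hits that marks a source as a bot


class IpReputation:
    """Per-IP tally of messages that did / did not match a content rule."""

    def __init__(self):
        self.counts = defaultdict(lambda: [0, 0])   # ip -> [clean, matched]

    def record(self, ip, matched):
        self.counts[ip][1 if matched else 0] += 1

    def known_bad(self, ip):
        clean, matched = self.counts.get(ip, (0, 0))
        total = clean + matched
        return total >= MIN_EVENTS and matched / total >= BAD_RATIO


def scan(ip, body, rules, rep):
    """Content rules first; the IP record decides only when no rule matches."""
    if any(rule in body.lower() for rule in rules):
        rep.record(ip, True)
        return "blocked: content rule"
    if rep.known_bad(ip):
        return "blocked: ip reputation"   # not recorded, so a record cannot confirm itself
    rep.record(ip, False)
    return "delivered"


def run_demo():
    """Replay an old campaign, then a new one that no rule covers yet."""
    rep = IpReputation()
    rules = ["cheap meds"]                         # the only campaign with a rule so far
    old_bots = ["203.0.113.10", "203.0.113.11"]    # constructed addresses
    new_bot = "203.0.113.99"
    mail_server = "198.51.100.25"
    # Earlier campaign: rules exist, and every hit also feeds the IP records.
    for _ in range(6):
        for ip in old_bots:
            scan(ip, "Cheap meds, no prescription", rules, rep)
        scan(mail_server, "Minutes from Tuesday's meeting", rules, rep)
    # New campaign: wording no rule covers yet, sent from old bots and one new bot.
    new_spam = "Replica watches at 90% off"
    results = {ip: scan(ip, new_spam, rules, rep) for ip in old_bots + [new_bot]}
    results[mail_server] = scan(mail_server, "Agenda for next week", rules, rep)
    return results
```

Only the bot with no history gets through, which is the leakage that shrinks as more of a campaign's senders have already been seen.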






[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread David Moore
> If you are not yet running the latest beta then that might help quite a
> bit since the GBUdb (IP reputation system) does a good job capturing new
> spam from old bots even before rules are coded.

Please clarify: are you saying it would help if we had the beta installed?

 

Regards David Moore


 


 


[sniffer] Re: Excessive amounts of spam

2007-12-20 Thread Pete McNeil




Hello Steve,

Thursday, December 20, 2007, 1:54:12 PM, you wrote:




> Hello,
> Any word on the ramping up of Viagra spams getting through in the last week? I'm now getting more and more clients complaining so maybe the Message Sniffer traps are not getting these. Or is everyone off for the holidays already?
>
> I'll start sending over the ones I get to the spam address as a follow up.





We are definitely here 24/7/365.

We've seen a number of heavy campaigns recently, but we've generally been on top of them. At the moment we have 98.3% capture on our heaviest spamtraps - they are showing 400% of their nominal traffic - this is most likely attributable to the new campaigns launched today: At least two new campaigns launched today within the last few hours and we had both of those blocked very quickly.

If you are not yet running the latest beta then that might help quite a bit since the GBUdb (IP reputation system) does a good job capturing new spam from old bots even before rules are coded.

Also, be sure that your rulebase is up to date. The best way to update your rulebase is to trigger your update script based on our update notifications. If instead you are using a scheduled task / cron then you will want to check for a new rulebase at least once per hour.

Hope this helps,

_M




-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.


