Re: Image spam

2013-09-02 Thread John Hardin

On Mon, 2 Sep 2013, emailitis.com wrote:

Here's something else to look into:


> /root/weeklymail/Sunmaillog:Aug 31 11:11:05 plesk3 spamd[11160]: spamd: result: . 0 - BAYES_00
>
> /root/weeklymail/Sunmaillog:Aug 31 14:21:34 plesk3 spamd[27015]: spamd: result: Y 5 - BAYES_50
>
> /root/weeklymail/Sunmaillog:Aug 31 16:07:21 plesk3 spamd[12813]: spamd: result: . 4 - BAYES_20
>
> /root/weeklymail/Sunmaillog:Aug 31 18:07:59 plesk3 spamd[12813]: spamd: result: . 1 - BAYES_50


I could see the BAYES_50s if there was little else other than an image 
link in the message, and the spam campaign was something new, but BAYES_20 
and especially BAYES_00?


Standard Bayes questions:

How do you train? Manually, automatically, or both?

If you train manually, who contributes? Are the contributions reviewed 
prior to training?


Do you retain your manual training corpus to review, and for initial 
retraining if Bayes goes completely off the rails?


Non-Bayes questions: are you using greylisting? It really cuts down on the 
garbage. Are you doing MTA SMTP-time DNSBL filtering using ZEN? It's very 
reliable and appears to have ~30% spam-only overlap with __REMOTE_IMAGE.


Suggestion: a meta of __REMOTE_IMAGE and LOTS_OF_MONEY might help, 
assuming you don't have a lot of ham that hits both rules.



--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Yet another example of a Mexican doing a job Americans are
  unwilling to do.   -- Reno Sepulveda, on UniVision reporters asking
                        President Obama some pointed questions about
                        the BATFE Fast and Furious scandal.
---
 458 days since the first successful private support mission to ISS (SpaceX)


Is EndOfSpam a known scam?

2013-09-02 Thread Marcus Loxx

Hello. My name is Marcus Loxx.

First, please let me know if this is the correct way to post a question.
Second, the question is more about spam filtering in general than 
SpamAssassin, but I couldn't think of a better place to post it. If the 
Users list is not a good place to post this question, I would greatly 
appreciate an appropriate recommendation.


Pretty much there is some software called EndOfSpam made by someone 
called Desmond Fox and I want to know if the software isn't malicious. 
The web address is

https://sites.google.com/site/desmondfoxendofspam/home

I send and get a lot of email, and I found it when I got a reply email 
from someone I had never emailed before. I tried looking for more 
information on it, but other than the address above, which I only found 
in the reply email I got, there doesn't seem to be anything about it 
anywhere. I know you can't tell me if it is safe or not because we live 
in such a litigious society, but do you know if this is a known scam or 
something?


-Marcus Loxx


RE: Image spam

2013-09-02 Thread emailitis.com
Thanks John,

> Standard Bayes questions:
> 
> How do you train? Manually, automatically, or both?
Automatically.  Recently I am manually training on Spam that I receive to
about 10 email addresses of our own like the ones shown but not sure how
much difference that is making.  I THINK I used to get even more BAYES_00 so
maybe it is working.  But some Spam-heavy mailboxes are not ours and we
would not be able to train the owner how to do the training.  And I have
been doing only Spam, not Ham, training.
I expect that in the dim and distant past, we did not do as much 

> If you train manually, who contributes? Are the contributions reviewed
> prior to training?
> 
> Do you retain your manual training corpus to review, and for initial
> retraining if Bayes goes completely off the rails?
Not sure how easily we could make it for our clients to assist with manual
training - I suspect they would not have the time or knowledge or
inclination so to do.

> Do you retain your manual training corpus to review, and for initial
> retraining if Bayes goes completely off the rails?
No, we do not have this sadly.  In the past we only ever let SA do the
automatic training so I guess it was not perfect.  But even with a re-train
I am not sure how we could capture emails being sent to clients which are
Spam.

> Non-Bayes questions: are you using greylisting? It really cuts down on the
> garbage. Are you doing MTA SMTP-time DNSBL filtering using ZEN? It's very
> reliable and appears to have ~30% spam-only overlap with
> __REMOTE_IMAGE.
No, we cancelled it because the delay was causing some issues but we will
look to re-activating that.

> 
> Suggestion: a meta of __REMOTE_IMAGE and LOTS_OF_MONEY might help,
> assuming you don't have a lot of ham that hits both rules.
Thank you for that suggestion which I will put in place.  Only one today
that met both criteria and that was Spam!  And it got through with a score
of 4.2!

Kind regards,
Christoph


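The overlap check discussed above (how often the proposed meta fires, and on which verdicts), as an added example that is not part of the original thread. It assumes the meta has been given a hypothetical visible name, LOCAL_REMOTE_IMG_MONEY, with a token score while measuring; the log lines are constructed samples in spamd's result format.

```python
import re
from collections import Counter

# Assumed local meta (hypothetical name and score). Subrules whose names start
# with "__" are not listed in spamd's result line, so the combination needs a
# visible name before it can be counted:
#   meta  LOCAL_REMOTE_IMG_MONEY  (__REMOTE_IMAGE && LOTS_OF_MONEY)
#   score LOCAL_REMOTE_IMG_MONEY  0.01
META = "LOCAL_REMOTE_IMG_MONEY"

# spamd result line: verdict (Y or .), integer score, "-", comma-separated tests
RESULT_RE = re.compile(r"spamd: result: ([Y.])\s+(-?\d+) -\s(\S*)")

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
Aug 31 11:11:05 mx1 spamd[11160]: spamd: result: . 4 - BAYES_00,HTML_MESSAGE,LOCAL_REMOTE_IMG_MONEY,LOTS_OF_MONEY scantime=1.1,size=2210
Aug 31 14:21:34 mx1 spamd[27015]: spamd: result: Y 5 - BAYES_50,HTML_MESSAGE,URIBL_BLACK scantime=0.9,size=1805
Aug 31 16:07:21 mx1 spamd[12813]: spamd: result: . 0 - BAYES_00,HTML_MESSAGE scantime=0.7,size=9120
Aug 31 18:07:59 mx1 spamd[12813]: spamd: result: Y 9 - BAYES_99,LOCAL_REMOTE_IMG_MONEY,LOTS_OF_MONEY,RDNS_NONE scantime=1.3,size=2544
Aug 31 18:09:12 mx1 spamd[12813]: spamd: info: setuid to mail succeeded
"""

def parse_results(log_text):
    """Yield (is_spam, score, rules) for every spamd result line."""
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if m:
            # Drop empty tokens and key=value fields (seen when no test hit).
            rules = {r for r in m.group(3).split(",") if r and "=" not in r}
            yield m.group(1) == "Y", int(m.group(2)), rules

def meta_hits(log_text, rule=META):
    """Count hits of `rule`, split by the verdict spamd gave the message."""
    hits = Counter()
    for is_spam, _score, rules in parse_results(log_text):
        if rule in rules:
            hits["spam" if is_spam else "below_threshold"] += 1
    return hits

def bayes_buckets(log_text):
    """Tally the BAYES_nn rule per message, keyed by (rule, verdict)."""
    tally = Counter()
    for is_spam, _score, rules in parse_results(log_text):
        for r in rules:
            if r.startswith("BAYES_"):
                tally[(r, "Y" if is_spam else ".")] += 1
    return tally
```

Hits counted under "below_threshold" are the ones to read by hand: genuine ham there is a false-positive risk for the meta, while missed spam there is where a higher score would help.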



Re: Is EndOfSpam a known scam?

2013-09-02 Thread John Hardin

On Mon, 2 Sep 2013, Marcus Loxx wrote:


> First, please let me know if this is the correct way to post a question.
> Second, the question is more about spam filtering in general than 
> SpamAssassin, but I couldn't think of a better place to post it. If the Users 
> list is not a good place to post this question, I would greatly appreciate an 
> appropriate recommendation.


We don't mind as long as it doesn't get out-of-hand. There are other 
more-generically-antispam fora that are appropriate for in-depth 
discussion.


> Pretty much there is some software called EndOfSpam made by someone called 
> Desmond Fox and I want to know if the software isn't malicious. The web 
> address is
>
> https://sites.google.com/site/desmondfoxendofspam/home
>
> I send and get a lot of email, and I found it when I got a reply email from 
> someone I had never emailed before. I tried looking for more information on 
> it, but other than the address above, which I only found in the reply email I 
> got, there doesn't seem to be anything about it anywhere. I know you can't 
> tell me if it is safe or not because we live in such a litigious society, but 
> do you know if this is a known scam or something?


Basically it looks like an autoresponder written in Java: if the sender's 
email is not in the whitelist, flag it and automatically send them a 
response (i.e. the payment instructions).


It also appears to be a client-side post-delivery tool that operates by 
scanning the specified mailbox and *flagging* any disallowed messages. 
They are still there unless you do something else to quarantine them.


There are lots of ways to achieve this, not just this tool.


It doesn't appear to be malicious or a scam, but it is an example of one 
of the Final Ultimate Solutions to the Spam Problem:


http://www.rhyolite.com/anti-spam/you-might-be.html#e-postage

Spam is not a simple problem, it has no simplistic solution.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The question of whether people should be allowed to harm themselves
  is simple. They *must*.   -- Charles Murray
---
 15 days until the 226th anniversary of the signing of the U.S. Constitution


Re: Is EndOfSpam a known scam?

2013-09-02 Thread Neil Schwartzman

On Sep 2, 2013, at 9:26 AM, Marcus Loxx wrote:

> Hello. My name is Marcus Loxx.
> 
> First, please let me know if this is the correct way to post a question.
> Second, the question is more about spam filtering in general than 
> SpamAssassin, but I couldn't think of a better place to post it. If the Users 
> list is not a good place to post this question, I would greatly appreciate an 
> appropriate recommendation.
> 
> Pretty much there is some software called EndOfSpam made by someone called 
> Desmond Fox and I want to know if the software isn't malicious. The web 
> address is
> https://sites.google.com/site/desmondfoxendofspam/home
> 
> I send and get a lot of email, and I found it when I got a reply email from 
> someone I had never emailed before. I tried looking for more information on 
> it, but other than the address above, which I only found in the reply email I 
> got, there doesn't seem to be anything about it anywhere. I know you can't 
> tell me if it is safe or not because we live in such a litigious society, but 
> do you know if this is a known scam or something?


"Hello. My pseudonym is Desmond Fox, and welcome to the EndOfSpam web page. 
This is an old, but as far as I can tell, never implemented idea for getting 
rid of spam emails. The idea is to charge emailers to send the emailee an 
email. The details are a little bit more complicated than that, but not much 
(explained below)."

If I were able to charge mailers I'd be a very wealthy man, depending upon the 
exchange rate with the ruble.

Forget it. This idea has been stinking up the hallways for a very long time. 
No, it won't work, because no-one will pay. If you need a reference, ask Bill 
Gates how 'penny black' worked ten years ago.

Re: Is EndOfSpam a known scam?

2013-09-02 Thread John Levine
>The idea is to charge emailers to send the emailee an email. The details are
>a little bit more complicated than that, but not much (explained below)."

This is a bad idea that just won't go away.

I wrote a white paper about it.  It's ten years old, but nothing of any
importance has changed:

http://www.taugh.com/epostage.pdf

R's,
John