Re: How to increase score of URIDNSBL?

2005-06-06 Thread List Mail User
>...
>List Mail User wrote:
>
>> 
>>  Again, I apologize for any implied offense - none was intended.  (When
>> I mean to say bad things, I think that the archives will show I do not often
>> "mince" my words.)  I only meant to point out I didn't do a "thorough" check
>> because none seemed to be necessary (i.e. keystreams immediately looked to be
>> an upright and legitimate company).
>> 
>>  Sincerely,
>> 
>>  Paul Shupak
>
>I have to admit, I was a bit shocked by your posting Paul. I've never seen you
>say anything as nice as:
>
>   keystreams. com "seems" to be a legitimate hosting company
>
>Coming from you, high praise indeed. :)
>
Matt,

I often defend people in private, but I admit I much more commonly
blast people in public.  You haven't seen the private defenses I've made
of known ROSKO spammers to various groups when I felt the wrong person or
organization was being blamed (though I do usually document who I think is
*really* responsible - usually another "well-known" spammer).

There is a large difference between being not guilty and being
innocent.  I wanted to save Jeff et al. any unneeded effort since indeed
keystreams did not even possibly qualify for SURBLs;  If ChrisS had said
exactly the same thing, I would have dug more, because of the possibility
of being "grey", but from what I did dig up, I'm pretty certain I still
wouldn't have found anything "bad".

The only reason for quotes around my use of seems, is that I do
make mistakes - but usually in the other direction (like when I got the
telco for Oslo Norway blacklisted for a day around the world - seems SBC
would/will not put through calls to prefix:1000 - I didn't check well
enough and they have since changed their domain contacts to use a number
that can be called from North America).


Paul Shupak
[EMAIL PROTECTED]


Re: How to increase score of URIDNSBL?

2005-06-06 Thread Roman Volf




> Roman,
>
> Sorry about any implication that you or keystreams wasn't clean.
> I must have just glazed over your post and responded to Jeff's, saying
> that, indeed, you seemed "clean".  Jeff's own later message (I read it
> after responding), pointed out exactly as you said, that keystreams was
> the "victim", not a "perpetrator".
>
> Sorry;  I just immediately jump to "check mode" for some posts, and
> you looked immediately clean - and I meant to respond in that way, but not
> offend anyone who might have said differently.  Obviously, I chose the wrong
> side to try not to upset.
>
> Again, I apologize for any implied offense - none was intended.  (When
> I mean to say bad things, I think that the archives will show I do not often
> "mince" my words.)  I only meant to point out I didn't do a "thorough" check
> because none seemed to be necessary (i.e. keystreams immediately looked to be
> an upright and legitimate company).
>
> Sincerely,
>
> Paul Shupak
> [EMAIL PROTECTED]
   


No worries. It happens.

--
Roman Volf
Keystreams Internet Solutions
[EMAIL PROTECTED]



Re: How to increase score of URIDNSBL?

2005-06-06 Thread Matt Kettler
List Mail User wrote:

> 
>   Again, I apologize for any implied offense - none was intended.  (When
> I mean to say bad things, I think that the archives will show I do not often
> "mince" my words.)  I only meant to point out I didn't do a "thorough" check
> because none seemed to be necessary (i.e. keystreams immediately looked to be
> an upright and legitimate company).
> 
>   Sincerely,
> 
>   Paul Shupak

I have to admit, I was a bit shocked by your posting Paul. I've never seen you
say anything as nice as:

keystreams. com "seems" to be a legitimate hosting company

Coming from you, high praise indeed. :)






Re: How to increase score of URIDNSBL?

2005-06-06 Thread List Mail User
>>>[all snipped]
>>  keystreams. com "seems" to be a legitimate hosting company;  Which
>>is not to say that they are or are not "spam friendly" and/or have some
>>customers who are "bad actors".  They do have a five year history and seem
>>to themselves have been clean (unclear how many domains they own or operate,
>>or if any of them have a "bad" history).
>>
>>  Paul Shupak
>>  [EMAIL PROTECTED]
>>  
>>
>Why are we discussing the legitimacy of keystreams.com when the spam 
>sample I sent in was sent *to* keystreams.com. FYI, we've actually been 
>around since April of 1999 previously known as Realshell.com.
>
>-- 
>Roman Volf
>Keystreams Internet Solutions
>[EMAIL PROTECTED]
>
Roman,

Sorry about any implication that you or keystreams wasn't clean.
I must have just glazed over your post and responded to Jeff's, saying
that, indeed, you seemed "clean".  Jeff's own later message (I read it
after responding), pointed out exactly as you said, that keystreams was
the "victim", not a "perpetrator".

Sorry;  I just immediately jump to "check mode" for some posts, and
you looked immediately clean - and I meant to respond in that way, but not
offend anyone who might have said differently.  Obviously, I chose the wrong
side to try not to upset.

Again, I apologize for any implied offense - none was intended.  (When
I mean to say bad things, I think that the archives will show I do not often
"mince" my words.)  I only meant to point out I didn't do a "thorough" check
because none seemed to be necessary (i.e. keystreams immediately looked to be
an upright and legitimate company).

Sincerely,

Paul Shupak
[EMAIL PROTECTED]


Re: How to increase score of URIDNSBL?

2005-06-06 Thread List Mail User
>...
>
>On Monday, June 6, 2005, 7:02:17 AM, Matt Kettler wrote:
>> As someone else suggested, adding the uribl.com tests would also be
>> helpful, but it's hard to say if uribl.com had that link listed at the time 
>> you got the message. SURBL lists the domain in AB, OB, SC and WS now, but 
>> none of them had it before. However, the more checks you use, the more 
>> chances you'll be checking the list that got it reported first.
>
>keystreams.com is not on any SURBLs currently.
>
>Jeff C.
>-- 
>Jeff Chan
>mailto:[EMAIL PROTECTED]
>http://www.surbl.org/
>
keystreams. com "seems" to be a legitimate hosting company;  Which
is not to say that they are or are not "spam friendly" and/or have some
customers who are "bad actors".  They do have a five year history and seem
to themselves have been clean (unclear how many domains they own or operate,
or if any of them have a "bad" history).

Paul Shupak
[EMAIL PROTECTED]


Re: How to increase score of URIDNSBL?

2005-06-06 Thread Jeff Chan
On Monday, June 6, 2005, 7:42:51 AM, Jeff Chan wrote:
> On Monday, June 6, 2005, 7:02:17 AM, Matt Kettler wrote:
>> As someone else suggested, adding the uribl.com tests would also be
>> helpful, but it's hard to say if uribl.com had that link listed at the time 
>> you got the message. SURBL lists the domain in AB, OB, SC and WS now, but 
>> none of them had it before. However, the more checks you use, the more 
>> chances you'll be checking the list that got it reported first.

> keystreams.com is not on any SURBLs currently.

> Jeff C.

Oops, 'scuse me, I see keystreams was for the sample spam and the
spam URI domain is:

  firstitregistr.com

Rest assured that SURBLs will shortly be detecting ones like this
much more quickly.  The new version of my engine probably would
have gotten this one at:

  2005-06-06 02:36 UTC

Which would have been about 23 minutes after the Jun  5 19:13:25
(pacific time?) of the original poster's logs.  That's for the
sc.surbl.org list.  The xs list might get it earlier.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: How to increase score of URIDNSBL?

2005-06-06 Thread Jeff Chan
On Monday, June 6, 2005, 7:02:17 AM, Matt Kettler wrote:
> As someone else suggested, adding the uribl.com tests would also be
> helpful, but it's hard to say if uribl.com had that link listed at the time 
> you got the message. SURBL lists the domain in AB, OB, SC and WS now, but 
> none of them had it before. However, the more checks you use, the more 
> chances you'll be checking the list that got it reported first.

keystreams.com is not on any SURBLs currently.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: How to increase score of URIDNSBL?

2005-06-06 Thread Matt Kettler

At 01:53 AM 6/6/2005, Roman Volf wrote:
> I received a spam (http://www.keystreams.com/~volfman/spamd-msg.txt - I
> stripped the X-Spam headers from the message) that only scored a 4.4,
> even though the URIDNSBL showed a hit.
> Here is the debug from spamd -
> http://www.keystreams.com/~volfman/spamd-debug.txt
>
> Is upping the score that a URIDNSBL hit gives a good idea? I mark spam at
> 5.0. Is this possible?
>
> Any suggestions?



To be specific, that's URIBL_SBL.

Let's look at the mass-check results for this test:

 20.829  42.0571   0.7080   0.983   0.42   1.00  URIBL_SBL

It's got a S/O of 98.3%, which means that 1.7% of the email that rule hits 
is nonspam. You could probably raise the score a little bit safely. 
However, because the FP rate is low but not insignificant, I would be
careful and not go over 2.0 with it.


As someone else suggested, adding the uribl.com tests would also be 
helpful, but it's hard to say if uribl.com had that link listed at the time 
you got the message. SURBL lists the domain in AB, OB, SC and WS now, but 
none of them had it before. However, the more checks you use, the more 
chances you'll be checking the list that got it reported first.



p.s. the SA list moved off incubator a long time ago (Although the address 
does still work, and probably will indefinitely, the current "real" address 
is users@spamassassin.apache.org)
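
The S/O figure and the score trade-off discussed in this message, as an added example that is not part of the original thread: it parses the quoted summary line, recomputes S/O from the spam and ham hit rates, and counts what a rescore would change at a 5.0 threshold. The column meanings, the `what_if` helper and the `SAMPLE` corpus are assumptions made for illustration; only the 4.4 spam mirrors a score reported in the thread.

```python
from typing import NamedTuple

# The summary line quoted in the message, columns separated by whitespace.
# Column meaning (OVERALL%, SPAM%, HAM%, S/O, RANK, SCORE, NAME) is assumed.
LINE = "20.829  42.0571  0.7080  0.983  0.42  1.00  URIBL_SBL"

class RuleStats(NamedTuple):
    overall_pct: float
    spam_pct: float
    ham_pct: float
    so: float
    rank: float
    score: float
    name: str

def parse_stats(line: str) -> RuleStats:
    fields = line.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 columns, got {len(fields)}: {line!r}")
    return RuleStats(*(float(x) for x in fields[:6]), fields[6])

def so_ratio(stats: RuleStats) -> float:
    # S/O recomputed from the hit rates: SPAM% / (SPAM% + HAM%)
    total = stats.spam_pct + stats.ham_pct
    return stats.spam_pct / total if total else 0.0

def what_if(messages, rule, old, new, threshold=5.0):
    # Count (spam newly caught, ham newly flagged) if `rule` goes old -> new.
    caught = false_pos = 0
    for is_spam, total, hits in messages:
        if rule not in hits:
            continue  # a rescore only moves messages the rule actually hit
        if total < threshold <= total - old + new:
            if is_spam:
                caught += 1
            else:
                false_pos += 1
    return caught, false_pos

# Constructed corpus: (is_spam, current total score, rules hit).
SAMPLE = [
    (True, 4.4, {"URIBL_SBL"}),   # just under threshold, like the reported spam
    (True, 6.0, {"URIBL_SBL"}),   # already flagged, unaffected
    (False, 4.1, {"URIBL_SBL"}),  # ham that a 2.0 score would push over 5.0
    (False, 4.8, set()),          # ham the rule never hit
]

if __name__ == "__main__":
    s = parse_stats(LINE)
    print(s.name, round(so_ratio(s), 3), what_if(SAMPLE, s.name, s.score, 2.0))
```

Running the same count over your own hand-classified mail before putting a line such as `score URIBL_SBL 2.0` in `local.cf` shows how many near-threshold ham messages the change would flag.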






Re: How to increase score of URIDNSBL?

2005-06-06 Thread Maurice Lucas

From: "Roman Volf" <[EMAIL PROTECTED]>
Sent: Monday, June 06, 2005 7:53 AM


> I received a spam (http://www.keystreams.com/~volfman/spamd-msg.txt - I
> stripped the X-Spam headers from the message) that only scored a 4.4,
> even though the URIDNSBL showed a hit.
> Here is the debug from spamd -
> http://www.keystreams.com/~volfman/spamd-debug.txt
>
> Is upping the score that a URIDNSBL hit gives a good idea? I mark spam at
> 5.0. Is this possible?
>
> Any suggestions?

If you used uribl [1] with the standard usage line, another 3 points would
have been added to your score.


[1]http://www.uribl.com/

With kind regards,

Maurice Lucas
TAOS-IT




Re: How to increase score of URIDNSBL?

2005-06-05 Thread Loren Wilton
I don't know what all rules hit on this for you, but there are some SARE
rules that should have triggered, and there will be some new ones very soon
for the "display:none" trick.  Between those and surbl, most of your spams
of this sort should be caught.

If you aren't running bayes, you might consider it.  This is a wonderful
example of something that should hit bayes-99 with very little training on
your part.  You would just need to adjust the bayes_99 score up to about 4
to make it functional.

Loren



How to increase score of URIDNSBL?

2005-06-05 Thread Roman Volf
I received a spam (http://www.keystreams.com/~volfman/spamd-msg.txt - I
stripped the X-Spam headers from the message) that only scored a 4.4,
even though the URIDNSBL showed a hit.
Here is the debug from spamd - 
http://www.keystreams.com/~volfman/spamd-debug.txt


Is upping the score that a URIDNSBL hit gives a good idea? I mark spam 
at 5.0. Is this possible?


Any suggestions?


--
Roman Volf
Keystreams Internet Solutions
[EMAIL PROTECTED]