ping
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at
Yes.
At 03:45 PM 2/27/2004, you wrote:
Has anybody seen the crazy amount of porn spam being sent with the Habeas
headers?
---
Sign up for virus-free and spam-free e-mail with Nexus Technology Group
At 04:41 PM 2/27/2004, you wrote:
Today's related counts:
My own Habeas filter: 17
HIL: 258
Number of my Habeas filters tripped that were in HIL: 1
Number of my Habeas filters tripped on my porn filter: 9
You know - it's probably crossed a mind or two - but it needs to be said.
Is it now time to
__
Peter G McNeil (Madscientist, CodeDweller)
President, MicroNeil Research Corporation.
Chief SortMonster, www.SortMonster.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe
a PL code in Sniffer, but the methodology works
without it - In Declude you would use WHITELIST ANYWHERE plcode, and
block everything else.
Hope this helps,
_M
--
Best regards,
Peter G McNeil (Madscientist, CodeDweller)
President, MicroNeil Research Corporation.
Chief SortMonster
Ahh. Understood. I got confused by our rules where we code for a single
instance restricted to the URL. (Can't do that without wildcards). All
good then. Great work!
_M
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of
|Matthew Bramble
|Sent: Monday,
Not quite right. Normal HTML does often contain comments, usually
generated automatically as a deubgging aid for the developer. Normal
HTML does not usually contain comments that break up words like fr !--
catch me if you can -- ee (note that I added a space after fr and
before ee to be sure
Title: Message
For one thing this is a great way to filter spam. There is no good reason
to encode part of a url, or for that matter to encode "normal" characters. So,
anything with %30%37.biz is _ALMOST_ certain to be spam. We have been testing a
number of rules like this already with great
They're not getting past everything - we show a rejection rate of greater
than 75% almost consistently... not to say that the problem isn't getting
worse though.
http://www.sortmonster.com/MessageSniffer/Performance/FlowRates.jsp
We have seen a significant and apparently consistent rise in the
Message Sniffer has rules in place for this (about 30+ of them).
We've also lifted the delay restriction on the demo license temporarily
so that ANYONE can get this protection by running the demo license
(sniffer2.snf) with Declude Junkmail. BE SURE TO DOWNLOAD THE LATEST
VERSION OF THE RULEBASE
Please forward a copy of the newsletter to me
([EMAIL PROTECTED]) as an attachment and I will adjust the rule
base (if appropriate). This is a service we provide by default to each
subscriber, but we also - in general - code the core rule base to avoid
false positives whenever we hear about them
I caught this when my log analyser told me that I have a test called
SPAM07/02/2003
snip
This does seem to happen occasionally when several processes
are appending
to a text file in a very short period of time (not just with
Declude; it
happens with IMail SMTP32.exe processes as well). My
At 07:27 PM 6/27/2003 -0400, you wrote:
Can
anyone out there recommend a Windows based email client that supports the
redirect command ??
I believe The Bat! does that.
_M
At 10:31 AM 6/28/2003 -0700, you wrote:
Is anyone blocking these content rich fun E-mails? I've had customers
using the program have a raft of problems, the latest seems to be ISP's
bouncing the Email based on the incredimail tag in the headers.
We had some early rules show up due to spam
We tried some generalized patterns in Message Sniffer at first, but always
found too many false positives in the analysis. Now we just wait for an
instance to come by and it's coded in the next update (usually within a
couple hours). No false positives for these codings so far... but of course
At 08:57 AM 6/12/2003 -0500, you wrote:
Hi
I'm using whitelist anywhere as a poor man's whitelist to, since I can't
justify the upgrade to Pro.
I've got the line:
whitelist anywhere nick@
in my global.cfm
(I want to whitelist [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
etc.)
McNeil (Madscientist)
Chief SortMonster (www.sortmonster.com)
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
Wouldn't it make sense to follow this logic...
Do the positive weight tests (black tests) first in highest to lowest
weight order.
If the action threshold is reached then skip to the negative weight
tests (white tests) in the same order but keep your place so you can
resume if needed.
If a
In the interim, a less complex method might be to have a setting which
will ignore a white list entry for an address if more than one recipient
is specified. This might take the form of a special kind of whitelist
entry. Most valid messages to postmaster, for example, only have
postmaster as the
You may not always want to do this.
Some apps learn from white-list entries so if you were to prevent them
running when a message was white-listed you would prevent some of that
function. In many cases it might be ok, but not all to be sure.
_M
]-Original Message-
]From: [EMAIL PROTECTED]
Be careful about this...
Be sure that if you create a black rule for this kind of thing that you
capture the href= part as well or else you will have quite a few false
positives - generally from subscribed lists published by larger bulk
houses. URL Encoded web links (partially encoded or fully
for testing with Declude
you will only need to replace your sniffer2.snf file so that you are
evaluating with the most current rule base file.
Hope this helps,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster, www.SortMonster.com
VOX: 703-406-2016
FAX: 703-406
-483-3393
|
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED] Behalf Of Madscientist
| Sent: Friday, March 28, 2003 3:36 PM
| To: [EMAIL PROTECTED]
| Subject: [Declude.JunkMail] Message Sniffer Demo Updated.
|
|
| For those of you who are evaluating Message
The Message Sniffer rule for this is also being adjusted/broadened.
_M
]-Original Message-
]From: [EMAIL PROTECTED]
][mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
]Sent: Wednesday, March 26, 2003 9:09 AM
]To: [EMAIL PROTECTED]
]Subject: Re: [Declude.JunkMail] Not Failing the comments
| What we are doing is to track the 2000 (user configurable)
| most recent spammer
| IP addresses. The list is maintained as an MRU style list
| (sorted with the
| most recent at the top). If incoming messages reach a user
| defined score, the
| IP address of the spammer is added to the list.
Recommend switching to Savvis/Bridge. They have been our primary for
years and they are awesome.
hth,
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED] On Behalf Of Dan Patnode
| Sent: Tuesday, March 11, 2003 2:19 PM
| To: [EMAIL PROTECTED]
| Subject:
-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED] On Behalf Of Madscientist
| Sent: Tuesday, March 11, 2003 3:18 PM
| To: [EMAIL PROTECTED]
| Subject: RE: [Declude.JunkMail] Good ISP?
|
|
| Recommend switching to Savvis/Bridge. They have been our primary for
| years and they are awesome.
|
| hth
1. We are providing the data as a necessary service - the decisions about
how that data is applied are out of our hands. I would hope that they would
be used in an enlightened way, and in our shop we do that - however the
discretion and the definition of enlightened is up to the ultimate owner
of the delay in
ip4dns list detection.
Is this something that would be desired/possible/practical for Declude to
implement?
Thanks,
_M
Pete Mcneil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
---
[This E-mail was scanned for viruses by Declude
]-Original Message-
]From: [EMAIL PROTECTED]
][mailto:[EMAIL PROTECTED]]On Behalf Of Keith Johnson
]Sent: Monday, February 17, 2003 9:01 AM
]To: [EMAIL PROTECTED]
]Subject: [Declude.JunkMail] Message Sniffer Information
]
]
]I wanted to gain some advise on using message sniffer. It seems
The average spam/ham ratio for reported logs in Message Sniffer is
70%-75%. That is, 70%-75% of messages on average are spam. This is a
small sample (about 20 systems on average) but it has been a very
consistent range.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL
You could write a psuedotest for Declude which would handle archiving
all messages fitting a particular profile - or all of them. The utility
would see everything and would be integrated just like any other
external test. We've experimented with a few knowledge base training
systems like this
That's quoted printable stuff.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan
| Sent: Tuesday, February 04, 2003 10:14 AM
| To: [EMAIL PROTECTED]
| Subject: RE: [Declude.JunkMail] Declude JunkMail v1.67 (beta) released
|
|
| Hi;
you are not authorized.
| just glancing at the web try xnk05x5vmipeaof7 instead of the zeroes
| and see if that fixes it. But it should be the string that was in the
| distribution you downloaded.
|
| usually MadScientist replies pretty quickly on these things.
snip
| Terry Fritts
|
Sorry I
The next phase of Message Sniffer development includes a compound
Bayesian hinting algorythm to help modulate the black/white rule set.
Since Message Sniffer works with Declude that's one way this technology
will find it's way into the mix.
Scott's got a good point though - Bayesian filtering (as
No price increase here :-)
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Heath
| Sent: Friday, January 24, 2003 4:52 PM
| To: Madscientist
| Subject: [Declude.JunkMail] Declude in PCMag
|
|
| Congratulations, Scott. Declude
]Something that we are also considering is a test that checks for more than
]X HTML comments in an E-mail (preferably just counting ones in the middle
]of words, such as unsub!-- user --scribe, rather than to !--
]user --
]unsubscribe, as the former prevents filtering whereas the latter
]does
Agreed here - we've been working on various white-rules for these
domains and each attempt has failed due to the amount of actual spam
sourced from these servers.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith
| Sent: Thursday,
,
_M
]-Original Message-
]From: [EMAIL PROTECTED]
][mailto:[EMAIL PROTECTED]]On Behalf Of Markus Gufler
]Sent: Sunday, January 05, 2003 8:32 AM
]To: [EMAIL PROTECTED]
]Subject: RE: [Declude.JunkMail] External test question
]
]
]Hi Madscientist,
]
]As I can understand we have a different
According to recently collected Message Sniffer logs, on average more than
70% of incoming email is spam. We have an extremely low reported false
positive rate.
_M
]-Original Message-
]From: [EMAIL PROTECTED]
][mailto:[EMAIL PROTECTED]]On Behalf Of Smart Business
]Lists
]Sent: Saturday,
You might try .nifty-fun-pages.com
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of paul
| Sent: Tuesday, December 24, 2002 10:01 AM
| To: [EMAIL PROTECTED]
| Subject: [Declude.JunkMail] any ideas?
|
|
| Hey gang,
| First, Merry Christmas,
The Message Sniffer rule base already has a number of patterns like
these (I recognize kara) based on common address patterns that are being
used in spam - these seem to be very effictive and are not likely to
cause false posiive (none reported so far). We've also begun adding
patterns to
this helps,
_M
PS: We do have a number of rules coding for patters like this and they
are very successful - not as successful as we thought they would be, but
still pretty good!
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
| -Original
I might add to this thread that it is fairly common to see Yahoo
Redirects in spam content these days. There are many forms... We also
see redirects through excite, msn, and some unsuspecting corporate sites
- usually referenced by IP.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
|
Another good way to differentiate the encoded characters is to trap on
encoding characters that _should_ be normal ascii letters or numbers. In
theory, the only characters that should be encoded would be outside this
range so it's a good bet that encoding normal characters is an
obfuscation
://www.tenforward.com
| Ten Forward Communications 360-457-9023
| Nationwide access, neighborhood support!
|
| Whenever you find yourself on the side of the majority, it's
| time to pause and reflect. Mark Twain
|
|
|
| - Original Message -
| From: Madscientist [EMAIL PROTECTED]
| To: [EMAIL
we catch symbol 62 differently? V2 is configured as 'nonzero',
]meaning that all return codes other than zero are logged and treated alike
]by Declude.
]
]- Original Message -
]From: Madscientist [EMAIL PROTECTED]
]Subject: RE: [Declude.JunkMail] Filtering E-Greetings
]
]
] Sniffer version
Junkmail with Message Sniffer will also handle it.
All of these and more are included in the Message Sniffer Scumware
Greetings rule group (Symbol 62). We are still looking for a reliable
source for additional domains as they arise.
This was an experimental group but we have had no false
Suggestion: Is it possible to provide a special wildcard character that
matches whitespace and punctuation?
_M
On Fri, 2002-11-29 at 08:23, R. Scott Perry wrote:
Can we filter on the word FREE and not hit FREEDOM, or filter SEX and
not SEXTET.
The question is *what* do you want to filter
Message Sniffer now has a new experimental rule group Scumware
Greetings that contains all of the domains mentioned in the following
message. The new rulesets for this have been published. Version 2 users
will see symbol 62 for this group.
If anybody has a reliable source for the growing list
(Madscientist)
Chief SortMonster (www.sortmonster.com)
VOX: 703-406-2016
FAX: 703-406-2017
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Mike K
| Sent: Wednesday, November 20, 2002 9:06 AM
| To: [EMAIL PROTECTED]
| Subject: Re: [Declude.JunkMail
We attempted implementing a test that counts the number of html comments
and found that it was impractical as it consistently captured a large
number of legitimate services. (Scott, you indicated that it might catch
some - our experience has been that it captures so many we had to drop
it.) I
|
| However, that's the way spam control is heading. As more and
| more people
| get fed up with spam, more and more of the bozos that are
| doing things the
| wrong way will need to fix their problems.
|
| I can understand an HTML E-mail having one or two comments in
| it, but 10 or
| 20
That's a good point. Perhaps we'll do some testing in the new version
for comments bounded by nonwhitespace.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of R.
| Scott Perry
| Sent: Tuesday, November 19, 2002 10:21 AM
| To: [EMAIL PROTECTED]
Our test server does not show any significant difference between Declude
alone and Declude w/ Message Sniffer. Performance logs report average
processing times of about 170ms per message - and this includes the time
it takes to load the rule base and the message under test. Our test bed
server
IMFilter can help with that and it's free.
_M
]-Original Message-
]From: [EMAIL PROTECTED]
][mailto:Declude.JunkMail-owner;declude.com]On Behalf Of John Tolmachoff
]Sent: Sunday, October 27, 2002 10:13 PM
]To: [EMAIL PROTECTED]
]Subject: RE: [Declude.JunkMail] Unwanted E-cards filling
The test could match any email where from and to are the same but
delivery is not local.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:Declude.JunkMail-owner;declude.com] On Behalf Of Todd Holt
| Sent: Friday, October 25, 2002 10:47 AM
| To: [EMAIL PROTECTED]
| Subject:
An Asside -
Watch out for false positives with this one.
We tried a rule that captured all numeric-only web links as they are a
favorite for porn spammers and mortgage folks.
Unfortunately we discovered that a number of legitimate news services
also do this sometimes so we were forced to begin
That's a bad sign.
None of those ports should be open to the outside world - you risk
having your entire network hijacked. It's good practice to block all
ports that are not required for services you are offering specifically.
But especially block:
135, 137, 138, 139.
Hope this helps,
_M
|
We're getting further off-topic for the Declude list I think.
Apologies again.
| The personal messages are the most difficult and becoming
| worse. They are random and infrequent. They are often among
| the most important messages. Individuals have an
| unbelievable number of private
| Declude probably doesn't need to do anything special - spam
| is still spam, but this really bothers me that spam
| technologies like this are starting to become mainstream --
| Maybe we really do need laws regulating spam as a law would
| quickly stop all these for-profit, but easily
this helps,
_M
]
]Thanks
]Dan
]
]
]
]On Saturday, October 5, 2002 19:18, Madscientist
][EMAIL PROTECTED] wrote:
]Perhaps you misunderstood.
]More than 70% of ALL traffic is captured on average for reporting systems.
]The base includes non-spam as well. In terms of a percentage of spam,
]Declude has
believe the spam filter that comes free with Mac OS 10.2
]does that well by itself, though I haven't tested it for FPs yet.
]Has anyone else tried it?
]
]Dan
]
]
]On Friday, October 4, 2002 14:02, Madscientist
][EMAIL PROTECTED] wrote:
]We have similar circumstances in the email systems that we host
We have similar circumstances in the email systems that we host. We
currently trap more than 80% of incoming messages as spam with our
Message Sniffer software. The average for all reporting systems is
something just over 70%.
I think Declude w/ Message Sniffer is the way to go if you have an
Scott,
Is it possible to enclose phrases in quotes for these filters?
robert allen
If not can this be a feature request?
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of R.
| Scott Perry
| Sent: Thursday, October 03, 2002 10:33 AM
| To:
For now, you will want to whitelist these. The trouble is that many lists
append advertising content to their messages. Sniffer tends to get triggered
by the advertising content.
Next month we plan to release a version that includes compound heuristics.
At that time we will begin adding
Declude does not decode base64, rather it simply detects html base64
segments which are highly likely to be spam.
_M
]-Original Message-
]From: [EMAIL PROTECTED]
][mailto:[EMAIL PROTECTED]]On Behalf Of Scott MacLean
]Sent: Wednesday, September 25, 2002 8:10 AM
]To: [EMAIL PROTECTED]
that
*weren't* spam? Are there any email clients that actually put out such a
thing?At 08:14 AM 9/25/2002, Madscientist wrote:
Declude does not decode base64,
rather it simply detects html base64segments which are highly likely to
be spam._M]-Original Message-]From:
[EMAIL
Yup - no joy for quite a bit now.
_M
]-Original Message-
]From: [EMAIL PROTECTED]
][mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Kratka
]Sent: Tuesday, September 24, 2002 5:49 PM
]To: [EMAIL PROTECTED]
]Subject: [Declude.JunkMail] Web Site ?
]
]
]Is anyone else having difficulties with the
Anecdotally this makes a lot of sense. It was primarily porn spam that
caused us to move our filterchain module development forward in the sniffer
program.
_M
]-Original Message-
]From: [EMAIL PROTECTED]
][mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff
]Sent: Monday, September 23,
This rule 10222 should match only a specific email address... however
the scan index and ended are both z which is not possible.
It is likley you have a corrupted .snf file.
Hope this helps,
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of
Gosh I'd like to know how he made that account and got it spammed so
quickly. That knowledge would be quite a tool.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Tom
| Sent: Monday, September 16, 2002 5:21 PM
| To: [EMAIL PROTECTED]
|
It might be a good test to put into the weights.
Another one would be a test that looks that the sender's (from their
address) and fails if the first MX doesn't match up.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of R.
| Scott Perry
|
The preceeding @ ensures that the match is an email with the example
domain. The preceeding . ensures that the match is the domain used in a
host link like www.example.com and so forth. Without these preceeding
characters the following might also match incorrectly...
legitimatexample.com
Using
I guess that makes sense.
We've got a few accounts like that out there - we set them up, forward
them into our system for evaluation, and never use them for anything
else... but there's a definite 'color' to the content - meaning the spam
we get there is skewed to a specifi strange attractor -
Of Madscientist
| Sent: Tuesday, September 17, 2002 11:10 AM
| To: [EMAIL PROTECTED]
| Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
|
|
| I guess that makes sense.
| We've got a few accounts like that out there - we set them
| up, forward them into our system for evaluation
This game subverted the entire office. ;-)
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of
| Alexis D. Gutzman
| Sent: Tuesday, September 17, 2002 11:48 AM
| To: [EMAIL PROTECTED]
| Subject: Re: [Declude.JunkMail] Fighting the Menace of
Now there's a sophisticated element to the test. You could key the time to
the geographic region of the sender's IP range. Not much more work (since
it's generally hard-coded) but makes the test useful for determining the
time of day at the sender's location -- in theory anyway.
Thoughts?
_M
Yup. The log for the trial version should be SNFdemo.log.
The 42 you see would be the result code which is the ruleid % 64 + 1 -
not quite specific enough.
Hope this helps,
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of John
| Tolmachoff
|
Can you indicate the specific rule that failed from the sniffer.log
file? I'd like to look it up and see how it's coded.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of John
| Tolmachoff
| Sent: Friday, September 06, 2002 3:29 PM
| To: [EMAIL
I think you're right there...
Spammers didn't invent this as a means of obfuscatoin... It seems that
what happened is some lucky spammers sent out a few messages this way
because that's how their software of choice worked - and they discovered
that it was a good way not to get filtered - and so
We've just added a base64 decoding filter to the Message Sniffer program
for precisely this reason. This makes encoded HTML segments or attached
files look like plain data to the pattern matching engine. There are
other coding tricks in use as well and we are building those filter
modules for
We've seen a lot of this as well, and frankly it works against them.
There are seldom legitimate reasons to obscure a web link - particularly
by coding it as binary or as a long integer. The Message Sniffer rule
base some aggressive rules built to trap any web link that starts off
with more than
I'm not sure you want to go that route - there's a lot of good spam
fodder at the top of a message. The pattern matching engine in sniffer
can afford to wade through the entire message so we've got a lot of
rules in the Sniffer database that start in the top of a message and end
in the bottom.
|
| Answering several E-mails here...
|
| Regexp! :)
|
| Probably wishful thinking, I'm sure writing in pattern
| matching would
| be a hefty involvement.
|
| Yes, regexp would be a very hefty involvement (and very
| resource intensive).
Sniffer's online rule manager is getting closer
We've worked on that beast in the lab - it's a side project. Haven't
seen one out on the street - maybe it's out there somewhere.
The trouble is cost bandwidth. Video capture compression takes a lot
of cycles and essentially requires a whole computer to do - a high-end
one at that, especially
We like this (VNC) also - but it can be slow on the updates some times.
For that, you might use VNC to launch netmeeting - unless you're going
to do something quick. Ironically, we use VNC to kickstart PCAW on boxes
where that's been required - PCAW has a habbit of crashing - VNC
doesn't.
My
Caution...
I had a similar test in Message Sniffer some weeks ago with tragic
results - too many false positives so we had to pull it. We have a mod
in the works to get around this hack - including a stream filter to drop
all html comments before matching.
That would be a good one for you to
Unfortunately this leads to a high false positive rate. (We tried it and
pulled it.)
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of
| Joshua Levitsky
| Sent: Thursday, June 13, 2002 2:11 PM
| To: [EMAIL PROTECTED]
| Subject: Re:
Some spam traps are easier... Another method is to set up the address,
and then use it to visit some shadey web sites... Then cancel your
subscriptions (if required). The email will most certainly be added to
every similar list and will live in perpetuity (based on my
observations).
_M
|
We delete held spam after 30 days.
If a false positive possibility arrizes, we will use a file - search in
our holding bin to identify any messages that have the correct keywords
- If we verify the false positive this way we can not only put it back
in stream, but also adjust our filtering scheme
Title: Message
Make that definitely.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Mark SmithSent: Wednesday, May 29, 2002 7:08
PMTo: [EMAIL PROTECTED]Subject: RE:
[Declude.JunkMail] Spammers getting smarter?
They're probably
Title: Message
It is
a full scale arms race - we've seen some amazing things...
_M
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mark
SmithSent: Wednesday, May 29, 2002 7:08 PMTo:
[EMAIL PROTECTED]Subject: RE: [Declude.JunkMail]
Try .postmasterdirect.com
Including the leading dot ensures you're not getting other domains.
Maybe also @postmaster.com for when that gets tried.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan
| Sent: Wednesday, May 01, 2002
I think you might arrange it by creating a new test called BOOL that
uses other test names (including other bools) and allows for a boolean
expression to pass or fail. Then the resulting test could be weighted
in. This would give the most flexibility with the simplest (read most
reliable fast)
No specific idea, but I did just watch a HUGE network instability pass
through the UUNet network... Took the last half hour or so to stabilize
(knock wood). Maybe that's part of it.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Chuck Schick
How about the message is held in the usual place (spam folder)...
Cleanup is a separate function, perhaps a scheduled job to remove older
(30day +) messages from the folder. Declude would intercept a response
message and move the referenced message by queue file name either to the
spool or to
[NOTE: Your mail server [216.88.36.96] is missing a reverse DNS entry. All Internet
hosts are required to have a reverse DNS entry. The missing reverse DNS entry will
cause your mail to be treated as spam on some servers, such as AOL.]
[NOTE: Your mail server [216.88.36.96] is missing a
[NOTE: Your mail server [216.88.36.96] is missing a reverse DNS entry. All Internet
hosts are required to have a reverse DNS entry. The missing reverse DNS entry will
cause your mail to be treated as spam on some servers, such as AOL.]
Thanks... I've forwarded that info as well.
_M
|
[NOTE: Your mail server [216.88.36.96] is missing a reverse DNS entry. All Internet
hosts are required to have a reverse DNS entry. The missing reverse DNS entry will
cause your mail to be treated as spam on some servers, such as AOL.]
Today, I have all the luck. %^b
_M
| -Original
1 - 100 of 119 matches
Mail list logo