On 1/6/07, Raj Shekhar [EMAIL PROTECTED] wrote:
in infinite wisdom Eugen Leitl spoke thus On 01/04/2007 05:27 PM:
On Thu, Jan 04, 2007 at 05:12:35PM +0530, Deepak Misra wrote:
I keep getting such mails. Are these some probes to test spam filters
or are
they to confuse them ??
Bayesian
On Sat, Jan 06, 2007 at 04:36:41PM +0530, Deepak Misra wrote:
I am curious: Is it possible to use this technology in reverse and use
these filters to try and guess the author of a mail given a collection of
previous works by many people ??
Word and phrase probability analysis well predates
On Sat, Jan 06, 2007 at 12:04:43PM +0530, Raj Shekhar wrote:
Spamassassin has been able to tag most of these messages as spam
successfully for me(I am using debain's default setup). For example,
here is X-Spam-Status from one such message
X-Spam-Status: Yes, score=24.406
in infinite wisdom Eugen Leitl spoke thus On 01/04/2007 05:27 PM:
On Thu, Jan 04, 2007 at 05:12:35PM +0530, Deepak Misra wrote:
I keep getting such mails. Are these some probes to test spam filters or are
they to confuse them ??
Bayesian spam filter poison. The payload is in the image.
I keep getting such mails. Are these some probes to test spam filters or are
they to confuse them ??
Anyone have any clues ??
Deepak
-- Forwarded message --
From: NetworkRed [EMAIL PROTECTED]
Date: Jan 4, 2007 4:30 PM
Subject: NewsMovie Reviews Celeb ForumsHang
To: [EMAIL
Deepak Misra wrote: [ on 05:12 PM 1/4/2007 ]
I keep getting such mails. Are these some probes to test spam filters or are
they to confuse them ??
The text is to get past the spamfilters. The actual spam is in an
attached image, usually.
Udhay
PS: Making the best of the situation, I've got
On Thu, Jan 04, 2007 at 05:12:35PM +0530, Deepak Misra wrote:
I keep getting such mails. Are these some probes to test spam filters or are
they to confuse them ??
Bayesian spam filter poison. The payload is in the image.
(Which is one of the reasons I was jumping on people to post
plaintext
Deepak Misra wrote:
I keep getting such mails. Are these some probes to test spam filters
or are
they to confuse them ??
Anyone have any clues ??
You are being spammed. It is passing through your spam filter because it
has meaningless garbled text. It is possible that the text had a URL
Udhay Shankar N wrote:
PS: Making the best of the situation, I've got a fair amount of
entertainment from some of the text in spam of late.
Some of them have random passages from actual books, I think.
At 2007-01-04 12:57:59 +0100, [EMAIL PROTECTED] wrote:
Bayesian spam filter poison. The payload is in the image.
Interestingly, I get a fair amount of this sort of spam where there is
*no* attached image, no embedded URLs, etc. I wonder about that.
-- ams
On 1/4/07, Abhijit Menon-Sen [EMAIL PROTECTED] wrote:
At 2007-01-04 12:57:59 +0100, [EMAIL PROTECTED] wrote:
Bayesian spam filter poison. The payload is in the image.
Interestingly, I get a fair amount of this sort of spam where there is
*no* attached image, no embedded URLs, etc. I wonder
On Thu, Jan 04, 2007 at 05:31:03PM +0530, Abhijit Menon-Sen wrote:
Interestingly, I get a fair amount of this sort of spam where there is
*no* attached image, no embedded URLs, etc. I wonder about that.
Either a crippled spam, or just a Bayesian poison. People classify
them as spam, polluting
On Thu, Jan 04, 2007 at 05:32:43PM +0530, Deepak Misra wrote:
That was my question too - I should have been more clear. When I see an
attachment, I know the poison is there but cant figure out the cases where
there is no attachment.
The poison works when you classify the post as spam.
Eugen Leitl [04/01/07 13:11 +0100]:
Address diversity of zombies is low, anyway, so filtering by
realtime blacklist of point of origin would also work. Greylisting
Ya think? http://cbl.abuseat.org is one of the best in doing this, and it
still cant keep pace
On Thu, Jan 04, 2007 at 05:28:16AM -0800, Suresh Ramasubramanian wrote:
Ya think? http://cbl.abuseat.org is one of the best in doing this, and it
Unbeliever!
still cant keep pace
Cloudmark can keep pace nicely, and it doesn't even penalize by
address diversity but by address. When I say a
Eugen Leitl wrote:
can subscribe to. It's just that zombies on dynamic IPs can
get that many addresses, even if they fall offline every minute,
Even after you block lots of dynamic IP ranges (and a range that quickly
gets populated with cbl entries is .. surprise, surprise, dynamic) ..
On Thu, Jan 04, 2007 at 07:07:59PM +0530, Suresh Ramasubramanian wrote:
Even after you block lots of dynamic IP ranges (and a range that quickly
You don't block. You penalize. That's something different. (You can
penalize by lots of other things, e.g. my firewall can throttle
any Windows hosts
Could some of this stuff be the the product of some splog device?
Eugen Leitl wrote:
You don't block. You penalize. That's something different. (You can
penalize by lots of other things, e.g. my firewall can throttle
When you run something larger than a toy network, you dont prick
yourself in the foot in a pin, even if it blows a big hole in the other
guys
Eugen Leitl wrote:
use, while they still buy service from you. Spam is traffic, and
if traffic passes your infrastructure, you're making a buck for
Spam traffic, for all the ultra high spam volumes now is a drop in the
bucket compared to say P2P, or even usenet.
The costs lie elsewhere [and
On Thu, Jan 04, 2007 at 09:15:32PM +0530, Suresh Ramasubramanian wrote:
Spam traffic, for all the ultra high spam volumes now is a drop in the
bucket compared to say P2P, or even usenet.
What I mean is that you shouldn't care what comes over the switch
port, as long as you get reimbursed for
On 04/01/07 17:07 +0100, Eugen Leitl wrote:
snip
a lot of windows pc users find themselves doing that without their
knowledge .. only, those are smtp engines controled by botnets
Of course -- but they're hammering each ISPs central mail servers.
Only if the ISP blocks port 25. If not, the
22 matches
Mail list logo