Vivek Khera said:
> Is such age-weighting done for the spam corpus as a whole? It seems
> to me that some older spam signatures are being phased out and may not
> be relevent for current spam... but then maybe I'm wrong about that.
Yep, in a more blunt-instrument way; we just try to use the la
> "DQ" == Daniel Quinlan <[EMAIL PROTECTED]> writes:
DQ> Vivek Khera <[EMAIL PROTECTED]> writes:
>> I'm curious how you GA score the RBL hits. RBL's are by definition
>> dynamic with IPs going in and out of the lists all the time. It
>> seems to me the only reliable way to score it would be
Vivek Khera <[EMAIL PROTECTED]> writes:
> I'm curious how you GA score the RBL hits. RBL's are by definition
> dynamic with IPs going in and out of the lists all the time. It
> seems to me the only reliable way to score it would be to see if the
> IP being tested was in the RBL at the time the m
Vivek
> Khera
> Sent: 30 September 2002 14:52
> To: [EMAIL PROTECTED]
> Subject: Re: [SAtalk] Osirusoft - trustworthy?
>
>
> >>>>> "DQ" == Daniel Quinlan <[EMAIL PROTECTED]> writes:
>
> DQ> You need to GA score the RBL rules to achieve a
> "DQ" == Daniel Quinlan <[EMAIL PROTECTED]> writes:
DQ> You need to GA score the RBL rules to achieve a good FP:FN ratio.
DQ> Without GA scoring of the RBLs, you will raise your FPs too much
DQ> because the rest of the GA scores are tuned to achieve a good FP:FN
DQ> ratio.
I'm curious how y
Miles Fidelman <[EMAIL PROTECTED]> [2002-09-28 07:59:30 -0400]:
> On Fri, 27 Sep 2002, Bob Proulx wrote:
> > list spews as the reason. All 105 were spam. That is an average of
> > 21 per week, 3 a day, every day, with zero false positives. I also
>
> I get perhaps 1000 spams a day that are cau
On Fri, 27 Sep 2002, Bob Proulx wrote:
> Daniel Quinlan <[EMAIL PROTECTED]> [2002-09-27 20:12:53 -0700]:
> > My problem with SPEWS is that it is not an accurate way to tag spam.
> > There are too many FPs.
>
> I have heard a lot of derisive commentary about relays.osirusoft.com
> but people still
Daniel Quinlan <[EMAIL PROTECTED]> [2002-09-27 21:58:16 -0700]:
> You need to GA score the RBL rules to achieve a good FP:FN ratio.
> Without GA scoring of the RBLs, you will raise your FPs too much
> because the rest of the GA scores are tuned to achieve a good FP:FN
> ratio.
I disagree that man
[EMAIL PROTECTED] (Bob Proulx) writes:
> Continuing that thought, I disagree that RBLs should be used by the
> GA in SA at all. That RBL data can be different at different times.
> I really believe the GA should be trained on the content of the
> message without RBL input. If it is deprived of
Daniel Quinlan <[EMAIL PROTECTED]> [2002-09-27 20:12:53 -0700]:
> My problem with SPEWS is that it is not an accurate way to tag spam.
> There are too many FPs.
I have heard a lot of derisive commentary about relays.osirusoft.com
but people still use them. Why? Here is some data.
I just went t
On Friday 27 September 2002 20:12, Daniel Quinlan wrote:
> <[EMAIL PROTECTED]> writes:
> > So you admit that your provider is harboring spammers and ignoring
> > complaints about them. As a customer you're in a better position to
> > discuss the problem with your provider than anybody else.
>
> Wo
<[EMAIL PROTECTED]> writes:
> So you admit that your provider is harboring spammers and ignoring
> complaints about them. As a customer you're in a better position to
> discuss the problem with your provider than anybody else.
Wow, what a flaming strawman argument! I admitted nothing of the
sor
Daniel Quinlan said:
> 2. It's not my job. Why should I be forced to harass the ISP because we
>are unlucky enough have IP addresses near some spammers? The SPEWS
> policy just adds to the harm created by spammers. Spammers know how
> to avoid RBLs and often do, they just switch ISPs and c
Matt Kettler <[EMAIL PROTECTED]>
> I definitely agree that trying to separate out some of the lists might be
> a good thing, instead of using relays.osirusoft.com as a single query. Of
> course this also has the drawback of requiring more DNS lookups to get a
> good sampling of lists, but that's p
[EMAIL PROTECTED] writes:
> Have you asked your provider why they don't just boot the spammers?
No, for several reasons:
1. Free colocation is extremely hard to find. We would be crazy to
rock the boat.
2. It's not my job. Why should I be forced to harass the ISP because we
are unlucky
> Matt Kettler <[EMAIL PROTECTED]> writes:
>
> Yes, but with SPEWS, you are listed if you share the same ISP as a
> spammer. I help maintain a /27 network (32 consecutive IP addresses)
> used by several non-profit .org sites (no spammers!), but we are listed
> on SPEWS because there are spammers
For the record, I am aware of the point Dan makes, and in fact I have
more-or-less the same point of view. My original posting mentions it
specifically as being a "high collateral damage policy". It's unclear to me
why Dan quoted this as if it was a counter-point to my message, but just to
avo
Matt Kettler <[EMAIL PROTECTED]> writes:
> Yes, going back up in the thread to my posting yesterday:
>
> http://relays.osirusoft.com/cgi-bin/rbcheck.cgi
>
> This lists which blocklists that OSI uses are listing an IP, and in the
> case of spews, gives links over to spews where you can check
On 27 Sep 2002 at 11:24, Robert L Mathews wrote:
> At 9/27/02 6:51 AM, Michael Moncur wrote:
>
> >> Being listed in SPEWS will trigger these rules:
> >>
> >> RCVD_IN_OSIRUSOFT_COM - generic rule
> >> X_OSIRU_SPAM_SRC - SPEWS specific?
> >
> >According to osirusoft, this is not SPEWS spe
Yes, going back up in the thread to my posting yesterday:
http://relays.osirusoft.com/cgi-bin/rbcheck.cgi
This lists which blocklists that OSI uses are listing an IP, and in the
case of spews, gives links over to spews where you can check the evidence
file for the particular listing.
At 12:
On Fri, 2002-09-27 at 04:51, Miles Fidelman wrote:
> It sort of a shame that Osirusoft doesn't have a way to indicate which
> lists are included in a query-response (e.g. a bit per incorporated list
> in its response).
Can one query the TXT entry for a listed site to get more detail?
At 9/27/02 6:51 AM, Michael Moncur wrote:
>> Being listed in SPEWS will trigger these rules:
>>
>> RCVD_IN_OSIRUSOFT_COM - generic rule
>> X_OSIRU_SPAM_SRC - SPEWS specific?
>
>According to osirusoft, this is not SPEWS specific:
>
>>127.0.0.4 Confirmed Spam Source
>>A site has been ident
On Fri, 27 Sep 2002, Malte S. Stretz wrote:
> The advantage of Osirusoft.com is that you need only one net query to get
> results from all those RBLs merged by Osirusoft. Also should it avoid
> double scores because a site listed in two lists returns only one result.
>
> Malte
>
> P.S.: Those are
On Friday 27 September 2002 12:05 CET Justin Mason wrote:
> Daniel Quinlan said:
> > Perhaps we should generally move away from the multiple site rules
> > (ones that take inputs from more than one site) and focus on single
> > site rules. Then, the GA can do its thing better and we can do our ow
Daniel Quinlan said:
> Perhaps we should generally move away from the multiple site rules (ones
> that take inputs from more than one site) and focus on single site
> rules. Then, the GA can do its thing better and we can do our own
> determination of worth and write our own meta rules rather t
Daniel Quinlan wrote:
>> Being listed in SPEWS will trigger these rules:
>>
>> RCVD_IN_OSIRUSOFT_COM - generic rule
>> X_OSIRU_SPAM_SRC - SPEWS specific?
Michael Moncur <[EMAIL PROTECTED]> writes:
> According to osirusoft, this is not SPEWS specific:
| 127.0.0.4 Confirmed Spam Source
| A
> Being listed in SPEWS will trigger these rules:
>
> RCVD_IN_OSIRUSOFT_COM - generic rule
> X_OSIRU_SPAM_SRC - SPEWS specific?
According to osirusoft, this is not SPEWS specific:
>127.0.0.4 Confirmed Spam Source
>A site has been identified as a constant source of spam, and is manually
[EMAIL PROTECTED] (Justin Mason) writes:
> Can SpamAssassin use Osirusoft without the SPEWS results? If not, I
> recommend we stop using it. SPEWS just has too many FPs for my taste.
That would be fine with me. SPEWS catches a lot of spam, but they
intentionally list entire netblocks to press
Justin Mason" <[EMAIL PROTECTED]> wrote:
> Can SpamAssassin use Osirusoft without the SPEWS results? If not,
> I recommend we stop using it. SPEWS just has too many FPs for
> my taste.
The various X_OSIRU... rules separate out the different return values from the
Osirusoft DNS check. The RCVD_I
On Thursday 26 September 2002 17:56 CET Justin Mason wrote:
> "Rose, Bobby" said:
> > Osirusoft is very good because it includes info from many RBLs. The
> > only problem is that they mirror SPEWS which is surprising that they
> > still do considering all the complaints about SPEWS.
>
> Can SpamA
"Rose, Bobby" said:
> Osirusoft is very good because it includes info from many RBLs. The
> only problem is that they mirror SPEWS which is surprising that they
> still do considering all the complaints about SPEWS.
Can SpamAssassin use Osirusoft without the SPEWS results? If not,
I recomme
tt Kettler; Darren Coleman;
[EMAIL PROTECTED]
Subject: RE: [SAtalk] Osirusoft - trustworthy?
On Thu, 26 Sep 2002, Rose, Bobby wrote:
> Does anyone think it's possible to petition Osirusoft to remove SPEWS
> from their mirroring? Or would it just be a waste of time? I would
> think
On Thu, 26 Sep 2002, Rose, Bobby wrote:
> Does anyone think it's possible to petition Osirusoft to remove SPEWS
> from their mirroring? Or would it just be a waste of time? I would
> think that anyone who would want to use SPEWS still could but separately
> from the larger osirusoft listings.
elman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 11:43 AM
To: Matt Kettler
Cc: Darren Coleman; [EMAIL PROTECTED]
Subject: Re: [SAtalk] Osirusoft - trustworthy?
On Thu, 26 Sep 2002, Matt Kettler wrote:
> As far as trustworthy goes, I trust osirusoft to pretty much list
&g
On Thursday 26 September 2002 04:31, Darren Coleman wrote:
> Hi,
>
> Having received several complaints from customers this morning I was
> shocked to discover that several of our mail servers are blacklisted on
> relays.osirusoft.com and spews.relays.osirusoft.com. Further investigation
> showed
On Thu, 26 Sep 2002, Matt Kettler wrote:
> As far as trustworthy goes, I trust osirusoft to pretty much list everyone
> that's questionable and all their neighbors. I don't trust it to be low
> collateral damage, hence I don't use them as a flat-out blocklist, and I
> generally assign them fewer
As far as trustworthy goes, I trust osirusoft to pretty much list everyone
that's questionable and all their neighbors. I don't trust it to be low
collateral damage, hence I don't use them as a flat-out blocklist, and I
generally assign them fewer SA points than the default.
In your case, don'
26, 2002 7:31 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Osirusoft - trustworthy?
Hi,
Having received several complaints from customers this morning I was
shocked to discover that several of our mail servers are blacklisted on
relays.osirusoft.com and spews.relays.osirusoft.com. Further
On Thu, 26 Sep 2002, Darren Coleman wrote:
> Has anyone had any experience of dealings with Osirusoft and can
> comment/suggest a course of action? Their website doesn't seem to provide
> any specific contact information and - and this would be funny if it weren't
> tragic - attempting to email
Hi,
Having received several complaints from customers this morning I was shocked
to discover that several of our mail servers are blacklisted on
relays.osirusoft.com and spews.relays.osirusoft.com. Further investigation
showed that not only is our entire block of IPs (20 or so Class Cs) listed,
40 matches
Mail list logo