For spam submissions, we are moving to a POP approach because it is more secure and more scalable. In general, spam can be redirected or forwarded to an account on your system and we can pop those messages from there. If you have any clean spamtraps that you would like to share with us then we would pull those messages from a different pop account. (We treat clean spamtraps differently than user submitted spam.)
All spam submissions are treated as suspect, potentially dangerous, and anonymous. For false positives, we use special software on our false@ address that reformats and preprocesses the messages. Our false positives handling is interactive, so it's important to have the format right, and it's also important that false positive submissions come from the system operator - since we may need to collaborate on an appropriate solution. False positives submitted by the end user or through some automated detection should be first reviewed by the system operator before they are submitted to us --- for example, if you have software that generates a false positive report each time a user pulls a message from their quarantine you will likely find that many of those messages are not what you would consider false positives globally on your system... they may even consist of messages that are dangerous or even against your TOS, perhaps selected by error or for curiosity's sake. ;-) When submitting a false positive, you open a new message to us and make the original message an attachment. We will respond to you with an analysis of the message and some recommendations. We will also respond to any questions you may have in your original message. By having a clean message from you with the FP message as an attachment we can be clear about your questions and comments --- we will typically ignore comments found in the actual FP message except to help determine what may have caused the FP. We will generally not modify your rulebase until you respond to our analysis and recommendations and indicate what actions you would like to take. -- The important concept about false positives is that each case opens a dialogue between you (the subscriber, presumably a system operator) and our rule coding staff (usually me personally at the moment). We should not receive spam or false positive reports directly from your customers (in general) because they are not directly authorized to make changes to your filtering system (among other things). Similarly, particularly where false positives are concerned, we do not respond to third party requests for filtering changes --- this would open the door to security problems. This is why our false processing software validates the incoming message against our subscriber base and may even delete messages that are not submitted by registered users or authorized aliases. For more details about how we handle false positives please see our web site: http://www.sortmonster.com/MessageSniffer/Help/FalsePositivesHelp.html Hope this helps, _M On Tuesday, October 11, 2005, 8:06:47 AM, Darin wrote: DC> I believe Pete is moving to a POP account approach. You would set up a POP DC> account for spam and another for false positives, and send them the login DC> info to it. Then have your users forward messages to the POP accounts as DC> attachments (that's the hardest part, which is why we still have them sent DC> to us, to make sure the original headers are in it). DC> Darin. DC> ----- Original Message ----- DC> From: "Kevin Rogers" <[EMAIL PROTECTED]> DC> To: <[email protected]> DC> Sent: Tuesday, October 11, 2005 7:44 AM DC> Subject: Re: [sniffer] Spam keeps getting through... DC> Sorry - I was talking about false positives. I assume we need to send DC> false positives to the false@ address. DC> Can my users send you these messages directly? DC> Or do they need to forward them to me first (as the registered user)? DC> And if they do need to forward false positives to me first, is it OK to DC> simply forward them on to you? DC> It says on your site to create a new email from scratch and send the DC> false positive email as an attachment. Does that mean I should DC> right-click on the message, Save As... an .eml file, and then attach DC> that .eml file to the message I'm sending to you? DC> And is this true for spam as well - do they need to forward them to me DC> and then me to you? DC> Just making sure I'm doing this right. DC> Thanks DC> Pete McNeil wrote: >>It is helpful to get the full headers, however it is simpler and more DC> reliable in most cases to simply forward the message. >> >>_M >> >>On Tuesday, October 11, 2005, 4:46:48 AM, Kevin wrote: >> >>KR> Can we just forward them regularly or do we need to change anything >>KR> about how the headers display when we forward them? >> >> >> >>KR> Pete McNeil wrote: >> >> >> >>>>On Monday, October 10, 2005, 7:55:51 PM, Serge wrote: >>>> >>>> >> >> >> >>>>S> just to make sure, can we now send several spams as attachements in DC> one >>>>S> email >>>>S> ans what adress to use >>>>S> i have 3 that got thru my own mailbox in less than 3 hours >>>>S> they did not even get tagged, only failed sorbs and sorbs_dul >>>> >>>> >> >> >> >>>>oops. missed a step. >>>> >>>> >> >> >> >>>>Please send (redirect/forward) spam that gets through one at a time to DC> [EMAIL PROTECTED] >>>> >>>> >> >> >> >>>>Thanks, >>>> >>>> >> >> >> >>>>_M >>>> >>>> >> >> >> >> >>>>This E-Mail came from the Message Sniffer mailing list. For information DC> and (un)subscription instructions go to DC> http://www.sortmonster.com/MessageSniffer/Help/Help.html >>>>--- >>>>[This E-mail was scanned for viruses.] >>>> >>>> >> >> >> >> >> >>>> >>>> >>>> >> >>KR> --- >>KR> [This E-mail was scanned for viruses.] >> >> >>KR> This E-Mail came from the Message Sniffer mailing list. For information DC> and >>KR> (un)subscription instructions go to >>KR> http://www.sortmonster.com/MessageSniffer/Help/Help.html >> >> >>This E-Mail came from the Message Sniffer mailing list. For information and DC> (un)subscription instructions go to DC> http://www.sortmonster.com/MessageSniffer/Help/Help.html >>--- >>[This E-mail was scanned for viruses.] >> >> >> >> >> DC> --- DC> [This E-mail was scanned for viruses.] DC> This E-Mail came from the Message Sniffer mailing list. For information and DC> (un)subscription instructions go to DC> http://www.sortmonster.com/MessageSniffer/Help/Help.html DC> This E-Mail came from the Message Sniffer mailing list. For DC> information and (un)subscription instructions go to DC> http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
