On Monday, March 6, 2006, 7:24:20 PM, Andrew wrote: <snip>
CA> I would like to state that I don't need Message Sniffer to CA> identify servers that send bogus postmaster notifications. This CA> would be entirely due to false positives such as the three CA> examples above. CA> Given that spammers clearly recycle their email database as a CA> fake-mailfrom database, any spamtrap address will get bogus bounces and CA> therefore, the spamtraps will flag legitimate senders' IP addresses in CA> Rule 63. CA> I don't expect nor want you to discuss the details of the CA> spamtraps as the point of one class of your spamtraps is that CA> their methods are secret. However, Matt has described a subset of CA> the filters various Decluders have used to filter out postmaster CA> bounces and other reflected noise, and I can certainly chip in on CA> that conversation offline. In addition to all previous IP rule false positives, any new false positives will be kept in the rulebase to prevent any repeats. Regarding outscatter, we do create rules where we can to eliminate known outscatter - when the bounce contains sufficient information to identify it clearly as originating from malware or known spam. However, the trap F001 is using are pre-processed with mediation rules to "blind" the system from these kinds of messages. These rules are not complete (perhaps never will be) but they are pretty good and getting better. With each new case we will be refining what cannot be seen by bots or even people from these sources. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html