On Sat, 5 Jul 2003, Jack Gostl wrote: > > > > Over the past several weeks, I've noticed an increasing amount of > > > spam that is getting through SpamAssassin with scores in the 4.0-4.9 > > > range. This makes me wonder if perhaps some spammers have started to > > > taylor their spams as follows: run the default version of > > > SpamAssassin, feed their messages through it, and keep tweaking the > > > messages until SpamAssassin lets them through. > > > > Train bayes. Everyone has a different bayes db, and they can't > > work around that centrally. > > The problem I'm seeing is that I'm getting messages with a Bayes of 90% > but it still slips through with 4.5-5.
I'm positive that spammers are tuning spam to get past SpamAssassin. Last week, while looking at bounce rejects, I came accross two instances of the same spam (same body, same open-proxy source) which had scores that differed by more than 10. The difference was that one had successfully forged headers to triggger the "nice" score for an exchange server and the other had type-o's that caused it to miss the "brass ring" (it got forged outlook header points ;). I've seen several spam crafted to trip the "nice" scores for good MUAs (USER_AGENT_*). I've been adjusting down many of the "nice" scores as they're starting to just reward clever spammers. -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{ ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk