Yup I tend to agree. Although just a quick comment. We have currently
decided against domain keys as it is CPU intensive and we do not believe it
adds that much value. Besides, SM supports domain keys. Sniffer API is on
the development schedule right now. OCR is CPU intensive. Our main focus
currently has been ensuring stability with IMail and the IMail 10 release.


David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 x 7007 office
978.988.1311 fax
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Wednesday, October 08, 2008 10:27 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] country chain

Hi,

I think that counting countries is not necessarily helpful - especially if
you think of other continents. In Europe, many AOL IP blocks are registered
to the U.K. Knowing that an email went through two or three countries before
reaching you does not really imply anything, especially for corporate emails.

I also would think that, by now, spammers don't need to bother to relay
through many hops any more. With zombies they have the benefit of sending
mails through just 1 or two relays.

So, counting countries is likely to trap more legitimate corporate mail than
today's spam.

The old ROUTING test is the correct approach, in my opinion.

If we're looking to add more tests, then I'm sure there are better
candidates to be discussed to see if they are worth the investment in time:
DomainKeys, Sniffer-API (to avoid command line calls and heap limitations),
OCR, ...

Best Regards,
Andy

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Wednesday, October 08, 2008 9:47 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] country chain

If we look at the definition of the ROUTING test:

This test will analyze the route that an E-mail takes, and look for highly
inefficient routing that is very common in spam. For example, an E-mail
might get caught if it is sent from a dialup in the U.S. to another account
in the U.S., but is routed through a server in China, but not if it goes
from a mail server in China directly to a U.S. mail server. This may
occasionally produce false positives, especially if a mailing list is hosted
outside of the United States. This test will probably not work well if your
mail server is located outside of the United States.

In other words the test is triggered if the following routing occurs:

US --> CN --> US

Or 

CN --> US --> NG --> US

The other issue faced is that CANADA is part of the US IP block and this too
may include EL SALVADOR which in effect is

US --> US --> US which would not trigger the test.

We may want to create a new test which would trigger if multiple countries
are in the routing. Any thoughts would be welcome.

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 x 7007 office
978.988.1311 fax
[EMAIL PROTECTED]
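
The trigger patterns and IP-block merging described in the message above, run against the X-Country-Chain samples quoted in this thread. This is an added example, not part of the original thread and not Declude's implementation; the "route re-enters a country" rule, the `SAME_BLOCK` map and all function names are assumptions, and the last two sample headers are constructed from the US/CN/NG patterns.

```python
# Added illustration, NOT Declude's code. The trigger rule and block map are
# assumptions based on the description in the thread.

# Assumption: countries that resolve into the US IP block, per the message.
SAME_BLOCK = {"CANADA": "UNITED STATES", "EL SALVADOR": "UNITED STATES"}


def parse_chain(header, block_map=None):
    """Return hop countries from an X-Country-Chain header, in order."""
    block_map = block_map or {}
    name, _, value = header.partition(":")
    if name.strip().lower() != "x-country-chain":
        raise ValueError("not an X-Country-Chain header")
    hops = [h.strip().upper() for h in value.split("->")]
    hops = [h for h in hops if h and h != "DESTINATION"]
    return [block_map.get(h, h) for h in hops]


def routing_triggered(hops):
    """Assumed rule: the route leaves a country and later re-enters it."""
    path = []
    for h in hops:  # merge consecutive hops inside the same country
        if not path or path[-1] != h:
            path.append(h)
    return len(set(path)) < len(path)


def country_count(hops):
    """The proposed alternative: distinct countries on the route."""
    return len(set(hops))


def evaluate(header, block_map=None):
    hops = parse_chain(header, block_map)
    return routing_triggered(hops), country_count(hops)


SAMPLES = [
    "X-Country-Chain: NIGERIA->UNITED STATES->CANADA->destination",
    "X-Country-Chain: UNITED STATES->EL SALVADOR->CANADA->destination",
    "X-Country-Chain: UNITED ARAB EMIRATES->POLAND->CANADA->destination",
    "X-Country-Chain: UNITED STATES->CHINA->UNITED STATES",           # constructed
    "X-Country-Chain: CHINA->UNITED STATES->NIGERIA->UNITED STATES",  # constructed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(evaluate(s, SAME_BLOCK), evaluate(s), s)
```

Under these assumptions none of the three chains reported in the thread re-enters a country, so the revisit rule stays silent on them, while a distinct-country count reaches 3 on the UNITED ARAB EMIRATES chain and, without block merging, on the other two as well.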

 






-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry
vanderzand
Sent: Wednesday, October 08, 2008 7:03 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] country chain

Anybody have any idea why the ROUTING test is not adding to my weight?

Here is another sample of where the ROUTING test should have added to the
score:

X-Country-Chain: UNITED STATES->EL SALVADOR->CANADA->destination
X-Spam-Tests-Failed: UCEPROTECT-LEVEL2-, NOABUSE, NOPOSTMASTER,
FILTER-COUNTRY [6]

Harry Vanderzand
NEW ADDRESS Effective Jan 24, 2008
Intown Internet
117 Ruskview Road
Kitchener, ON, N2M 4S1
519-741-1222


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry
vanderzand
Sent: Monday, October 06, 2008 11:24 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] country chain


I am still trying to figure this out.

I have the following command in my global.cfg:

ROUTING         spamrouting     x       x       6       0

Yet the following sample did not trigger it:

X-Country-Chain: NIGERIA->UNITED STATES->CANADA->destination
X-Spam-Tests-Failed: FILTER-COUNTRY, WEIGHT10, WEIGHT11 [11]

Should there not have been another 6 points added for the path the mail
took?

Thank you

Harry Vanderzand
NEW ADDRESS Effective Jan 24, 2008
Intown Internet
117 Ruskview Road
Kitchener, ON, N2M 4S1
519-741-1222


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary
Steiner
Sent: Thursday, October 02, 2008 11:21 AM
To: declude.junkmail@declude.com
Subject: re: [Declude.JunkMail] country chain


The ROUTING test was meant for this.  It checks for spam that was sent 
through multiple countries.

Another way is to add weight to individual countries using a filter and the 
COUNTRIES test which will fail based on a country code:
COUNTRIES  10  CONTAINS  CN

If you wanted to get really complicated, you could create an IP4R test for 
each country using the blacklist at http://countries.nerd.dk/




-------- Original Message --------
> From: "Harry vanderzand" <[EMAIL PROTECTED]>
> Sent: Wednesday, October 01, 2008 11:35 AM
> To: declude.junkmail@declude.com
> Subject: [Declude.JunkMail] country chain
> 
> When spam goes through several countries as in:
> 
> X-Country-Chain: UNITED ARAB EMIRATES->POLAND->CANADA->destination
> 
> Is there a way to add weight to mail that would have travelled this way?
> 
> Harry Vanderzand
> NEW ADDRESS Effective Jan 24, 2008
> Intown Internet
> 117 Ruskview Road
> Kitchener, ON, N2M 4S1
> 519-741-1222
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com. 



