[Declude.JunkMail] Hop High Tweak ?
Scott, Maybe HopHigh should exclude the IANA Reserved Blocks. See below. Global.cfg: HOP 0 HOPHIGH 1 -- Declude Log: 07/08/2002 10:35:19 Qb126104 Msg failed RBL (This E-mail came from 1.4.180.16, a potential spam source listed in RBL.). 07/08/2002 10:35:19 Qb126104 Subject: TopStyle Pro Replacement 07/08/2002 10:35:19 Qb126104 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] -- Header: Received: from daa20725rs002.datareturn.com [64.29.216.165] by inetconcepts.net with ESMTP (SMTPD32-6.06) id A686B230108; Mon, 08 Jul 2002 10:57:58 -0500 Received: from daa20369www001 ([1.4.180.16]) by daa20725rs002.datareturn.com with Microsoft SMTPSVC(5.0.2195.4453); Mon, 8 Jul 2002 10:58:47 -0500 From: TopStyle Support [EMAIL PROTECTED] -- Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049 Providing Internet Solutions Worldwide - An eDataWeb Affiliate --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Hop High Tweak ?
Maybe HopHigh should exclude the IANA Reserved Blocks. See below. I believe that it does exclude the Private use IPs (RFC1918). Received: from daa20725rs002.datareturn.com [64.29.216.165] by inetconcepts.net with ESMTP (SMTPD32-6.06) id A686B230108; Mon, 08 Jul 2002 10:57:58 -0500 Received: from daa20369www001 ([1.4.180.16]) by daa20725rs002.datareturn.com with Microsoft SMTPSVC(5.0.2195.4453); Mon, 8 Jul 2002 10:58:47 -0500 http://www.iana.org/assignments/ipv4-address-space shows that the 1.x.x.x Class A range is reserved by IANA today. That means that tomorrow it could be assigned to Korea or China or any other country. Anyone using an IP address in the 1.x.x.x range, even as an internal IP, is running the risk of all sorts of problems. If we hard-code Declude JunkMail to ignore those IPs, and they *do* end up in the hands of spammers, you'll end up with more spam. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Word Filters - Spammers getting smarter
Caution... I had a similar test in Message Sniffer some weeks ago with tragic results - too many false positives so we had to pull it. We have a mod in the works to get around this hack - including a stream filter to drop all html comments before matching. That would be a good one for you to look at Scott if it fits in your system. It turns out that simply counting the number of comments doesn't work reliably. Neither does the comment to content ratio. There are some specific comments that can be filtered - but that's not widely effective except on repeats of the same spam run - although that does reduce the load so we tend to include those when we see the opportunity. For example, a few of the spam runs done by this technique had nursery rhymes built in (I can't quote here)... a few others looked like chunks of personal messages... The producer apparently can point the engine at a text file and have it cycle through that text to pull segments for randomly placed comments in a round-robbin fashion. Hope this helps, _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Friday, July 05, 2002 11:22 AM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Word Filters - Spammers | getting smarter | | | | You can see - spammers are adapting their message bodies to | outsmarten | the HEUR and the FILTER tests. | | (Of course, he eventually got lazy and used ! - and, the word | remove still appears in the URL and was not URLencoded.) | | |You are receiving this email as a subscr!--dealers--iberbr |to the Opt!--dealers---In Ameri!ca Mailin!g | Lis!t. | | Yes, this is becoming more common. We are thinking about | adding a test | that checks for a high number of comments within an E-mail. | -Scott | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Lotus Looks to Deep-Six Spam With Domino Upgrade
If you are interested: --- From: Computerworld By JENNIFER DISABATINO JULY 01, 2002 --- IBM's Lotus Software Group unit last week said that the next version of its Notes/ Domino e-mail and collaboration software will include server-side tools designed to stop spam messages before they hit end-user mailboxes. Ed Brill, an IBM software operations manager, said Domino 6 will include a set of antispam tools, plus the ability to automatically block e-mail from suspect IP addresses, such as those placed on the Realtime Blackhole List maintained by Mail Abuse Prevention System LLC (MAPS) in Redwood City, Calif. MAPS, a not-for-profit group run primarily by volunteers, vets complaints about unsolicited bulk commercial e-mail. Companies and Internet service providers can subscribe to MAPS's list and set blocks so their servers won't accept e-mail messages coming from the specified IP addresses. Users can set filters in the R5 version of Lotus Notes client software so that an e-mail that includes the phrase make money fast, for example, will be routed to a folder designated for spam. Brill said Domino 6 will be able to block messages at corporate e-mail gateways, reducing the amount of spam traffic that reaches networks, servers and PCs. The Domino upgrade, which is due out in September along with Notes 6, will also include scripts that e-mail administrators can use to set message-filtering rules. But there's a possible trade-off. Brill acknowledged that having the filters on the server side might make it take longer for legitimate e-mail messages to pass through routers and get to in-boxes. But he didn't specify how much of a performance hit users might experience. A spokesman for Microsoft Corp., Lotus' main rival in the messaging software market, said Microsoft mostly relies on third-party vendors that offer filtering products for Exchange users. And even Lotus will continue to lean on partners for some of the more sophisticated spam-filtering technology after Domino 6 ships, Brill said. Matt Cain, an analyst at Meta Group Inc. in Stamford, Conn., said any improvement in antispam capabilities is a good thing for users. But the antispam technology being added to Domino is not state-of-the-art, he said. Compared with some of the specialized, third-party antispam software now available, Cain added, what Lotus plans is in the same league, but it won't win on feature function. For example, other tools can identify spam signatures and allow users to stop a blast of e-mail messages sent from an IP address that hasn't already been blocked, he said. Just Go Away Domino 6 will include the following antispam capabilities: System rules that let IT administrators filter all incoming mail messages based on their content Preconfigured filtering scripts to which other suspect words and phrases can be added The ability to block messages from IP addresses that belong to known spammers Improved support for using Domino's directory to stop spam from being routed throughout a company --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .