Welcome to the newest fine art, spam detection.

And to think I took a Science degree in University since I thought that would be useful :)

I will look into SPAMCHECK. I am not using it but I am using a number of Kami’s body filters.

Below you say that you have GRAY filters. What do you mean? Filters that trigger occasionally or filters that are not very positive in identifying SPAM? Do you score them as 50% of tag weight or less/more?

Do you actually HOLD spam and review or just tag it and send it and then only deal with what the clients send back?

I guess what I am kind of looking for is a Best Practices Guide and I do not know if one exists.

Thanx The

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists)

Welcome to the newest fine art, spam
detection.

I try to look for patterns. They could be URLs in the body, key word strings, strings in the headers and so forth.

One thing I would suggest (if not already used) is to use SpamCheck. Using spam check for body filters is less resource intensive than Declude JM body filters, which are the most resource intensive. I have both a KEYBODY.txt file and a URLBODY.txt file for use with SpamCheck, in addition to tweaks that have been done to the SpamCheck ini file.

I look for patterns in this order:

REVDNS
HEADERS
SUBJECT
MAILFROM
HELO
BODY

Outside of DNS tests, my top reliable tests that I think I have are (not necessarily in order):

SURBL (body filter of SPAMCOP DB)
KEYSUBJECT (strings of words frequently seen in the subject line)
SPAMCHECK
GRAYFILTER3 (REVDNS, HEADERS, HELO)
GRAYFILTER2 (MAILFROM)
SUBJECTSTARTSIS (special characters and other letters generally only seen at the start of a spam subject line)
DOTTEDWORDSSUBJECT (strings containing periods where there is generally none)
DASHEDWORDSSUBJECT (strings containing dashes where there is generally none)
UNDERWORDSSUBJECT (strings containing underscores where there is generally none)
GRAYSTRINGMAILFROM (strings often seen in spam mail from)

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----

This is perhaps a bit of a philosophical question as well as
a practical one. I have users sending me back mail that did not get trapped as SPAM which it obviously is. Now when I look it up some of this stuff scores really low (like 20 to 50% of the tag weight). It may not be on any blacklist, it may have minimal text (mostly downloaded pictures) and so I do not catch it.

I see that I have a few options:

1) Blacklist it by sender but that is probably mostly a waste of time since the sender gets spoofed and changes
2) Do nothing and hope that it appears on more DNS tests so that it will trip more tests and then get caught (not a great option)
3) Consider blacklisting the IP but that may not be possible if it is a major e-mail server or may not be possible if it is a zombie
4) Look for specific words/phrases in the body, subject etc and try filtering on that
5) Something else, anything else??

It seems to me that these are my options and none of them seem really definitive. Now maybe I am looking for something that doesn’t exist but I thought I would ask here what others do.

Any suggestions, thoughts etc would be appreciated.

Thanx The
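
The subject-line pattern tests named in John Tolmachoff's reply (DOTTEDWORDSSUBJECT, DASHEDWORDSSUBJECT, UNDERWORDSSUBJECT, SUBJECTSTARTSIS) can be combined with an additive weight that is compared to the tag weight. The following is an added Python example, not code from the thread and not Declude or SpamCheck filter syntax; the regexes, the weights, `TAG_WEIGHT`, the function names and the sample subjects are all assumptions made for illustration.

```python
import re

TAG_WEIGHT = 10  # assumed tag threshold; the thread gives no numbers

def _split_word(sep):
    # Four or more single letters joined by `sep` (e.g. "m.e.d.s"); "U.S.A."
    # and "end-to-end" do not match, which keeps false positives down.
    s = re.escape(sep)
    return re.compile(
        rf"(?<![A-Za-z0-9])(?:[A-Za-z]{s}){{3,}}[A-Za-z](?![A-Za-z0-9])")

# Test name -> (pattern, weight). Names follow the thread; values are assumed.
TESTS = {
    "DOTTEDWORDSSUBJECT": (_split_word("."), 4),
    "DASHEDWORDSSUBJECT": (_split_word("-"), 4),
    "UNDERWORDSSUBJECT": (_split_word("_"), 4),
    # Subject opens with a symbol other than a bracket or quote.
    "SUBJECTSTARTSIS": (re.compile(r"^\s*[^\w\s\[(\"']"), 3),
}

def score_subject(subject):
    """Return (total_weight, names_of_tests_that_fired) for one subject."""
    fired = [name for name, (rx, _) in TESTS.items() if rx.search(subject)]
    return sum(TESTS[name][1] for name in fired), fired

def verdict(subject, other_weight=0):
    """other_weight: weight already assigned by DNS/header tests (assumed)."""
    total, fired = score_subject(subject)
    total += other_weight
    return ("TAG" if total >= TAG_WEIGHT else "PASS"), total, fired

if __name__ == "__main__":
    # Constructed samples: (subject, weight from other tests).
    samples = [
        ("Re: Quarterly report for U.S.A. office", 0),
        ("c-h-e-a-p m.e.d.s online", 3),  # 30% of tag weight without subject tests
        ("$$$ f_r_e_e offer", 0),
    ]
    for subject, other in samples:
        action, total, fired = verdict(subject, other)
        print(f"{action:4} {total:2}/{TAG_WEIGHT} {subject!r} {fired}")
```

The second sample is the case from the original question: a message that other tests score at 30% of the tag weight only crosses the threshold once the subject pattern tests add their weight.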