On 12/6/2010 2:47 PM, Colbeck, Andrew wrote:
I have the same position as Scott.
I find that the MessageSniffer product from ARM Research is the most reliable
test
<snip/>
Hotmail in particular would be less effective for the bad guys if I had an
antispam tool that would determine from the headers that the sender was from
Hotmail (or others) and then check the
X-Originating-IP: [111.222.333.444]
<snip/>
I've suggested it before but vendors are, quite reasonably, leery of building
into their product a feature that is specific to a few providers while being
prone to false positives.
Actually, if I may, Message Sniffer has precisely that feature built
into GBUdb training.
Specifically, you can tell Message Sniffer to identify the source IP for
the message based on the presence of a specific header. This feature was
designed specifically for hotmail and other systems that provide a
source IP for one reason or another -- (perhaps complex internal routing).
For configuration information see:
http://www.armresearch.com/support/articles/software/snfServer/config/node/gbudb/training/source.jsp
http://www.armresearch.com/support/articles/software/snfServer/config/node/gbudb/training/source-header.jsp
If you configure this training mechanism for GBUdb in your Message
Sniffer engine then GBUdb will become much more accurate for messages
coming through that source.
Best,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
[This E-mail was scanned by Declude]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.