RE: [Declude.JunkMail] Image spam
Commtouch works great for me. Kindest Regards Craig Edmonds 123 Marbella Internet Marbella Guide Property Web Portal W: http://www.123marbella.com www.123marbella.com W: www.marbellaguide.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 8:04 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Thank you I will check these out. Kelly _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 21, 2007 12:08 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Image spam Declude and Image based spam - 4 methods 1. COMMTOUCH Commtouch Recurrent Pattern Detection contains an intrinsic mechanism to exact-match recurrent patterns across similar but not-identical messages. However in the case of images, the minute the spammer makes even the smallest changes to an image, the image-encoded data appears completely different. Commtouch identified this trend in the earliest days of image-based spam, and made the necessary enhancements to its detection engine in order to defend against this new threat with a sophisticated protection shield. Commtouch invested significant resources into developing a method for decoding the images and then sampling them using the proven RPD approach. The result is a significantly improved spam detection rate, while maintaining the same low false-positive rate. 2. CLAMWIN Using ClamAV as a virus scanner with Declude you can download the MSRBL-Images.hdb file which has additional signatures (MD5 sigs) which contains signatures created from images contained within spam emails. http://www.msrbl.com/site/msrblimagesdownload 3. FILTER-CID Identifies emails which contains images increasing the weight suffeciently on spam messages to reach the spam threshold. #EXCEPTIONS BODYENDNOTCONTAINScid: BODYENDNOTCONTAINSContent-Type: image/ #IMAGES BODY3CONTAINSsrc=3Dcid: BODY3CONTAINSsrc=cid: BODY3CONTAINSsrc='cid: BODY3CONTAINSimg src=cid: BODY3CONTAINSimg src=3Dcid: BODY3CONTAINS/cid: #IMAGE TYPES BODY2CONTAINSContent-Type: image/gif; BODY2CONTAINSContent-Type: image/jpeg; 4. VAMSOFT IMAGE SPAM AGENT This tool is an External Agent for ORF 2.1 and newer versions that improves ORF by image spam detection capabilities, but can be used by Declude. http://www.vamsoft.com/vsimagespam/vsimagespam.zip VSIMAGE externalnonzero[path]\Declude\VSIMAGE\imgspamagent.exe -check 40 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, February 21, 2007 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Image spam Has there been a declude filter created for blocking or identifying image spam? If so can somebody post it for me to try. Thank You, Kelly --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. image001.gif Description: GIF image
Re: [Declude.JunkMail] COMMTOUCH FP Reporting
Jeff, I had the exact same thing happen. I sent them a list of refid's that were false positives per the false positive reporting document and never received a response back either. Has anyone received a response back? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Jeff [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, March 06, 2007 7:53 AM Subject: [Declude.JunkMail] COMMTOUCH FP Reporting BlankAlthough I have sent FPs to COMMTOUCH in the format that they have requested I have never received a response from them. Am I doing something wrong ?? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] COMMTOUCH FP Reporting
After contacting Declude support, Commtouch does not respond to individuals, only to partners. It would be nice for some response, especially on FP's. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, March 06, 2007 9:37 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] COMMTOUCH FP Reporting Jeff, I had the exact same thing happen. I sent them a list of refid's that were false positives per the false positive reporting document and never received a response back either. Has anyone received a response back? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Jeff [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, March 06, 2007 7:53 AM Subject: [Declude.JunkMail] COMMTOUCH FP Reporting BlankAlthough I have sent FPs to COMMTOUCH in the format that they have requested I have never received a response from them. Am I doing something wrong ?? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COMMTOUCH FP Reporting
So what exactly does this mean? We send our false positives to Declude and they send them to CommTouch? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Ken Weise [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, March 06, 2007 10:28 AM Subject: RE: [Declude.JunkMail] COMMTOUCH FP Reporting After contacting Declude support, Commtouch does not respond to individuals, only to partners. It would be nice for some response, especially on FP's. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, March 06, 2007 9:37 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] COMMTOUCH FP Reporting Jeff, I had the exact same thing happen. I sent them a list of refid's that were false positives per the false positive reporting document and never received a response back either. Has anyone received a response back? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Jeff [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, March 06, 2007 7:53 AM Subject: [Declude.JunkMail] COMMTOUCH FP Reporting BlankAlthough I have sent FPs to COMMTOUCH in the format that they have requested I have never received a response from them. Am I doing something wrong ?? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] COMMTOUCH FP Reporting
We send them to Commtouch, but get no response. I had reported the same false positive (weekly ad from Newegg) for 3 straight weeks with no apparent action from Commtouch. I ended up having to send it to David Barker, so he can follow up. I think this process should change in some way. We do not get a response to FN's or FP's, and it's hard to tell that Commtouch is actually taking any action to these emails, or just ignoring them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, March 06, 2007 10:46 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] COMMTOUCH FP Reporting So what exactly does this mean? We send our false positives to Declude and they send them to CommTouch? Darrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] COMMTOUCH FP Reporting
I am pretty sure they do take action on them, I have a few questions out to CT and will post soon when I have a reply as for your Newegg Ken, that has been taken care of. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Weise Sent: Tuesday, March 06, 2007 11:01 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] COMMTOUCH FP Reporting We send them to Commtouch, but get no response. I had reported the same false positive (weekly ad from Newegg) for 3 straight weeks with no apparent action from Commtouch. I ended up having to send it to David Barker, so he can follow up. I think this process should change in some way. We do not get a response to FN's or FP's, and it's hard to tell that Commtouch is actually taking any action to these emails, or just ignoring them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, March 06, 2007 10:46 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] COMMTOUCH FP Reporting So what exactly does this mean? We send our false positives to Declude and they send them to CommTouch? Darrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] COMMTOUCH FP Reporting
Thanks Dave, I hope they take action, but without a response, it's hard to know the reports are even received, let alone investigated. Sniffer is better in this regard, as we receive a response and outcome to the request. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, March 06, 2007 11:03 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] COMMTOUCH FP Reporting I am pretty sure they do take action on them, I have a few questions out to CT and will post soon when I have a reply as for your Newegg Ken, that has been taken care of. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Weise Sent: Tuesday, March 06, 2007 11:01 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] COMMTOUCH FP Reporting We send them to Commtouch, but get no response. I had reported the same false positive (weekly ad from Newegg) for 3 straight weeks with no apparent action from Commtouch. I ended up having to send it to David Barker, so he can follow up. I think this process should change in some way. We do not get a response to FN's or FP's, and it's hard to tell that Commtouch is actually taking any action to these emails, or just ignoring them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, March 06, 2007 10:46 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] COMMTOUCH FP Reporting So what exactly does this mean? We send our false positives to Declude and they send them to CommTouch? Darrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
