Re[2]: [sniffer] Message Sniffer is not detecting some really bad email

2005-11-02 Thread Pete McNeil




On Wednesday, November 2, 2005, 4:56:07 PM, Glenn wrote:

> I've had quite a lot of bounces (D/Q.GSE pairs) in the past several weeks due to users with full mailboxes, 99.999% of them are bounces on spam. When I examine the quoted headers in the D.GSE files, an appreciable number of them aren't failing any spam tests, and seems like many of them should at least be failing Sniffer.

I see these come to some of our spamtraps also --- the from address forged to match a harvested address... When they contain enough of the original spam we can use them to code new rules. I've not attempted to do this with third party submissions of bounces - it may be risky/confusing, but any time we can get our hands on new spam it's a good thing.

_M





This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html


Re: [sniffer] Message Sniffer is not detecting some really bad email

2005-11-02 Thread Pete McNeil




On Wednesday, November 2, 2005, 4:48:29 PM, Gary wrote:

> We have had excellent results from Message Sniffer for several years now.
> However, in the past few days items that I feel should have been caught, were not.
> Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you.

Yes please. Usually a simple forward to spam@ will suffice.

I too saw a bunch of things come through the last two days that normally wouldn't. I'm not sure what's going on with them except that the normal broadcast patterns have changed a bit. I'm looking for some additional patterns to help nail down the differences.

These are all new spams.

They may be related to some of the new viruses coming out and the zombies created in their wake.

Please always forward spam to us at our [EMAIL PROTECTED] address if it gets to your mailbox.

Also, if you have spamtraps that you would like to share with us please let us know so that we can set up a collection mechanism with you.

The faster we can see the spam the faster we can identify new patterns, of course.

Thanks!

_M







Re: [sniffer] Message Sniffer is not detecting some really bad email

2005-11-02 Thread Glenn \ WCNet

Yup. Under a heavy load during the daytime and weekdays. Eases late at night, wee morn hours and weekends.

----- Original Message -----
From: Jacques Brouwers
To: sniffer@SortMonster.com
Sent: Wednesday, November 02, 2005 4:37 PM
Subject: RE: [sniffer] Message Sniffer is not detecting some really bad email

I too have had an unusual amount of spam messages. Graphic pornography to the CEO’s box, ouch! I paste the header info into the spam message I forward to them. I have also noticed that the IMail box is running unusually slow the past few days. It seems like it is scanning harder and catching less. Anyone else noticing the slow speed of the IMail box?

Jacques

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Schick
Sent: Wednesday, November 02, 2005 2:48 PM
To: sniffer@SortMonster.com
Subject: [sniffer] Message Sniffer is not detecting some really bad email

We have had excellent results from Message Sniffer for several years now.

However, in the past few days items that I feel should have been caught, were not.

Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you.

Please advise.

Regards,

Gary Schick
Manager, Enterprise Applications
Iroquois Gas Transmission System
Shelton, CT 06484
[EMAIL PROTECTED]
203 944 7024

RE: [sniffer] Message Sniffer is not detecting some really bad email

2005-11-02 Thread Jacques Brouwers

I too have had an unusual amount of spam messages. Graphic pornography to the CEO’s box, ouch! I paste the header info into the spam message I forward to them. I have also noticed that the IMail box is running unusually slow the past few days. It seems like it is scanning harder and catching less. Anyone else noticing the slow speed of the IMail box?

Jacques

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Schick
Sent: Wednesday, November 02, 2005 2:48 PM
To: sniffer@SortMonster.com
Subject: [sniffer] Message Sniffer is not detecting some really bad email

We have had excellent results from Message Sniffer for several years now.

However, in the past few days items that I feel should have been caught, were not.

Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you.

Please advise.

Regards,

Gary Schick
Manager, Enterprise Applications
Iroquois Gas Transmission System
Shelton, CT 06484
[EMAIL PROTECTED]
203 944 7024

RE: [sniffer] Message Sniffer is not detecting some really bad email

2005-11-02 Thread Kevin Stanford

I am also getting slammed with spam passing sniffer today also. Have not had a chance to send them yet.

Kevin

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Schick
Sent: Wednesday, November 02, 2005 3:48 PM
To: sniffer@SortMonster.com
Subject: [sniffer] Message Sniffer is not detecting some really bad email

We have had excellent results from Message Sniffer for several years now.
However, in the past few days items that I feel should have been caught, were not.
Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you.
Please advise.

Regards,

Gary Schick
Manager, Enterprise Applications
Iroquois Gas Transmission System
Shelton, CT 06484
[EMAIL PROTECTED]
203 944 7024


Re: [sniffer] Message Sniffer is not detecting some really bad email

2005-11-02 Thread Glenn \ WCNet

I've had quite a lot of bounces (D/Q.GSE pairs) in the past several weeks due to users with full mailboxes, 99.999% of them are bounces on spam. When I examine the quoted headers in the D.GSE files, an appreciable number of them aren't failing any spam tests, and seems like many of them should at least be failing Sniffer.

G.Z.

----- Original Message -----
From: Gary Schick
To: sniffer@SortMonster.com
Sent: Wednesday, November 02, 2005 3:48 PM
Subject: [sniffer] Message Sniffer is not detecting some really bad email

We have had excellent results from Message Sniffer for several years now.
However, in the past few days items that I feel should have been caught, were not.
Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you.
Please advise.

Regards,

Gary Schick
Manager, Enterprise Applications
Iroquois Gas Transmission System
Shelton, CT 06484
[EMAIL PROTECTED]
203 944 7024


Re: [sniffer] Message Sniffer is not detecting some really bad email

2005-11-02 Thread Darin Cox

Yep... send them to spam (at), from the email that you have on record with them. Sending as an attachment so they get complete headers is usually best, but they can also work with just the body of the message.

Darin.

----- Original Message -----
From: Gary Schick
To: sniffer@SortMonster.com
Sent: Wednesday, November 02, 2005 4:48 PM
Subject: [sniffer] Message Sniffer is not detecting some really bad email

We have had excellent results from Message Sniffer for several years now.
However, in the past few days items that I feel should have been caught, were not.
Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you.
Please advise.

Regards,

Gary Schick
Manager, Enterprise Applications
Iroquois Gas Transmission System
Shelton, CT 06484
[EMAIL PROTECTED]
203 944 7024


[sniffer] Message Sniffer is not detecting some really bad email

2005-11-02 Thread Gary Schick

We have had excellent results from Message Sniffer for several years now.
However, in the past few days items that I feel should have been caught, were not.
Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you.
Please advise.

Regards,

Gary Schick
Manager, Enterprise Applications
Iroquois Gas Transmission System
Shelton, CT 06484
[EMAIL PROTECTED]
203 944 7024


[sniffer] Rule Strength Analysis Upgrades

2005-11-02 Thread Pete McNeil
Hello Sniffer Folks,

  I will be making a significant upgrade to the Rule Strengths
  Analysis program today. The upgrade will make the rule strength
  calculation much more sensitive to the recent activity of any given
  rule so that if a rule stops showing activity its rule strength
  will drop over time... as that time becomes longer the rule strength
  will drop more radically until the rule is made inactive.

  This will also cause rule fitness decisions to be more competitive
  so that the most effective rules will be more strongly selected over
  time.

  If these adjustments have the desired effect then rulebase
  efficiency will be dramatically increased and rulebase file sizes
  will drop significantly.

  This will improve SNF's performance in two ways:

  1. Rulebase files will be smaller and will require less bandwidth to
  download and to load during operation. There will also be a
  measurable increase in scanning speed (though this is already
  measured in small numbers of milliseconds on most systems).

  2. The smaller, more efficient files can be compiled and delivered
  more quickly which will allow us to increase the rate at which we
  deliver updates.

  YOU DO NOT NEED TO TAKE ANY ACTION :-)

  All of this work will happen on our end of the Internet.

Thanks,
_M

Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)
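
A sketch of activity-sensitive rule scoring of the kind the announcement above describes, added here as an example; it is not MicroNeil's code or algorithm. The half-life weighting, the squared idle-time penalty, the thresholds and the names `Rule`, `rule_strength` and `prune_rulebase` are all assumptions, and the hit data is constructed.

```python
import math
from dataclasses import dataclass

DAY = 86400.0  # seconds

@dataclass
class Rule:
    rule_id: int
    hit_times: list  # epoch seconds of each match

def rule_strength(rule, now, half_life_days=7.0, idle_scale_days=14.0):
    """Assumed model: recency-weighted hit count times an idle-time penalty."""
    if not rule.hit_times:
        return 0.0
    # Older hits count for less (weight halves every half_life_days).
    weighted = sum(0.5 ** ((now - t) / (half_life_days * DAY))
                   for t in rule.hit_times)
    # Penalty on time since the last hit; the squared exponent makes each
    # further week of silence cost proportionally more than the previous one.
    idle_days = (now - max(rule.hit_times)) / DAY
    return weighted * math.exp(-((idle_days / idle_scale_days) ** 2))

def prune_rulebase(rules, now, min_strength=0.1, max_rules=None):
    """Split rules into (active, inactive). Rules under min_strength are retired;
    max_rules, if set, keeps only the strongest survivors."""
    scored = sorted(((rule_strength(r, now), r) for r in rules),
                    key=lambda pair: pair[0], reverse=True)
    active = [r for s, r in scored if s >= min_strength]
    if max_rules is not None:
        active = active[:max_rules]
    kept = {r.rule_id for r in active}
    return active, [r for r in rules if r.rule_id not in kept]

# Constructed sample data: hit ages in days before NOW.
NOW = 1_130_976_000.0
SAMPLE_RULES = [
    Rule(101, [NOW - d * DAY for d in (0.5, 1, 2, 3)]),        # firing daily
    Rule(102, [NOW - d * DAY for d in (20, 21, 22, 25)]),      # quiet ~3 weeks
    Rule(103, [NOW - d * DAY for d in (60, 61, 62, 63, 64)]),  # long silent
    Rule(104, [NOW - 10 * DAY]),                               # one hit, 10 days ago
]

if __name__ == "__main__":
    active, inactive = prune_rulebase(SAMPLE_RULES, NOW)
    for r in SAMPLE_RULES:
        print(r.rule_id, round(rule_strength(r, NOW), 4),
              "active" if r in active else "inactive")
```

Retiring rules 102 and 103 in this sample is what shrinks the rulebase; passing `max_rules` adds the competitive selection step, keeping only the strongest rules that clear the threshold.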

