Re: Re[2]: [sniffer] False positive processing
Right. 15 from today. Let me know what you find out. The ones from the 10th were replies to FP processing to investigate further and apply white rules. The others were normal FP reports. Thanks, Darin. - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Darin Cox" Sent: Tuesday, March 21, 2006 11:52 AM Subject: Re[2]: [sniffer] False positive processing On Tuesday, March 21, 2006, 11:37:30 AM, Darin wrote: DC> Nope. None of them. DC> I haven't heard back from the replies to a couple of false positives on the DC> 10th, and we haven't heard anything from our submissions on the 16th (6) and DC> 17th (2). I don't remember if we've heard anything from those on the 15th DC> (4). Right now I'm preparing to process FPs. I have a total of 24. 15 from you. I don't show any others pending. When I'm done I'll go back and look at the 10th, 16th, and 17th to see if I received and responded. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] False positive processing
On Tuesday, March 21, 2006, 11:37:30 AM, Darin wrote: DC> Nope. None of them. DC> I haven't heard back from the replies to a couple of false positives on the DC> 10th, and we haven't heard anything from our submissions on the 16th (6) and DC> 17th (2). I don't remember if we've heard anything from those on the 15th DC> (4). Right now I'm preparing to process FPs. I have a total of 24. 15 from you. I don't show any others pending. When I'm done I'll go back and look at the 10th, 16th, and 17th to see if I received and responded. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: Re[2]: [sniffer] False Positive - no reaction?
That queue concept would be wonderful! Hopefully it would have some simple info extracted to show recipient, sender, subject, header info, and info on the rule(s) it failed. One of my ongoing challenges is matching responses to reports and following up to see what additional actions are required. Darin. - Original Message - From: "Andy Schmidt" <[EMAIL PROTECTED]> To: Sent: Tuesday, February 21, 2006 11:16 AM Subject: RE: Re[2]: [sniffer] False Positive - no reaction? Hi Pete, I agree that the email notification is tricky - because you might respond to spam - and, you may NOT respond to someone who did not use an authorized address. On the other hand, if I KNEW there was an auto-response and I did NOT get a response, it would be an indication to me, the user, that I must have done something wrong. So - in a sense - "no" response is also a "message" I can act on. The only other suggestion I have is to create a 24 hour 'queue' display on the web site. All you need to show is a column of the sender domain names of the email (not the entire sender email address). If I submit a false positive I can confirm that it made it into your queue by checking the web page. This way, you don't need to send automated emails. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, February 21, 2006 11:04 AM To: Andy Schmidt Subject: Re[2]: [sniffer] False Positive - no reaction? On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS> Sorry - didn't mean to be "pushy". I just thought that false AS> positives are worse than missed spam, so I had assumed that they AS> would always be at the top of the queue. It is a very tough balancing act. Don't feel bad at all - you're not being pushy. The current goal is to respond in less than 24 hours and if possible to review twice per day. Yesterday a number of urgent tasks toppled that schedule. The first review happened (at around 0600) but there were no FPs at that time. I'm working to increase the review cycle... there are just a lot of things going on right now. Just so everyone knows, we do hear - loud and clear - that responding to FPs is important, and we have been much better about it over the recent past. I expect that service aspect to improve moving forward along with other things. AS> I can wait (PS - would have calmed my nerves, if there had been some AS> automatic "ticket number" response that reassured me that my email AS> was received. The web site makes it sound as if there's a million AS> reasons why a false positive might not be accepted - so an automatic AS> confirmation might be a good "self-service" tool. That's a good point. I'll look at that possibility when I rewrite the false processing bot. We're getting a lot of spam lately at our false@ address and I would want to make sure that there was no outscatter. I can tell the bot to only respond to validated senders, but then there is the issue of email reliability in the response... what if you don't get the response I mean. ... There are still folks that occasionally (some frequently) send false reports from unauthorized addresses --- those would not get a response... I'm overthinking this now %^b When I get to the false processing bot I will add a response mechanism. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: Re[2]: [sniffer] False Positive - no reaction?
I like this idea more than the email notification. I really don't need more emails. - Original Message - From: "Andy Schmidt" <[EMAIL PROTECTED]> To: Sent: Tuesday, February 21, 2006 10:16 AM Subject: RE: Re[2]: [sniffer] False Positive - no reaction? Hi Pete, I agree that the email notification is tricky - because you might respond to spam - and, you may NOT respond to someone who did not use an authorized address. On the other hand, if I KNEW there was an auto-response and I did NOT get a response, it would be an indication to me, the user, that I must have done something wrong. So - in a sense - "no" response is also a "message" I can act on. The only other suggestion I have is to create a 24 hour 'queue' display on the web site. All you need to show is a column of the sender domain names of the email (not the entire sender email address). If I submit a false positive I can confirm that it made it into your queue by checking the web page. This way, you don't need to send automated emails. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, February 21, 2006 11:04 AM To: Andy Schmidt Subject: Re[2]: [sniffer] False Positive - no reaction? On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS> Sorry - didn't mean to be "pushy". I just thought that false AS> positives are worse than missed spam, so I had assumed that they AS> would always be at the top of the queue. It is a very tough balancing act. Don't feel bad at all - you're not being pushy. The current goal is to respond in less than 24 hours and if possible to review twice per day. Yesterday a number of urgent tasks toppled that schedule. The first review happened (at around 0600) but there were no FPs at that time. I'm working to increase the review cycle... there are just a lot of things going on right now. Just so everyone knows, we do hear - loud and clear - that responding to FPs is important, and we have been much better about it over the recent past. I expect that service aspect to improve moving forward along with other things. AS> I can wait (PS - would have calmed my nerves, if there had been some AS> automatic "ticket number" response that reassured me that my email AS> was received. The web site makes it sound as if there's a million AS> reasons why a false positive might not be accepted - so an automatic AS> confirmation might be a good "self-service" tool. That's a good point. I'll look at that possibility when I rewrite the false processing bot. We're getting a lot of spam lately at our false@ address and I would want to make sure that there was no outscatter. I can tell the bot to only respond to validated senders, but then there is the issue of email reliability in the response... what if you don't get the response I mean. ... There are still folks that occasionally (some frequently) send false reports from unauthorized addresses --- those would not get a response... I'm overthinking this now %^b When I get to the false processing bot I will add a response mechanism. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] False Positive - no reaction?
Hi Pete, I agree that the email notification is tricky - because you might respond to spam - and, you may NOT respond to someone who did not use an authorized address. On the other hand, if I KNEW there was an auto-response and I did NOT get a response, it would be an indication to me, the user, that I must have done something wrong. So - in a sense - "no" response is also a "message" I can act on. The only other suggestion I have is to create a 24 hour 'queue' display on the web site. All you need to show is a column of the sender domain names of the email (not the entire sender email address). If I submit a false positive I can confirm that it made it into your queue by checking the web page. This way, you don't need to send automated emails. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, February 21, 2006 11:04 AM To: Andy Schmidt Subject: Re[2]: [sniffer] False Positive - no reaction? On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS> Sorry - didn't mean to be "pushy". I just thought that false AS> positives are worse than missed spam, so I had assumed that they AS> would always be at the top of the queue. It is a very tough balancing act. Don't feel bad at all - you're not being pushy. The current goal is to respond in less than 24 hours and if possible to review twice per day. Yesterday a number of urgent tasks toppled that schedule. The first review happened (at around 0600) but there were no FPs at that time. I'm working to increase the review cycle... there are just a lot of things going on right now. Just so everyone knows, we do hear - loud and clear - that responding to FPs is important, and we have been much better about it over the recent past. I expect that service aspect to improve moving forward along with other things. AS> I can wait (PS - would have calmed my nerves, if there had been some AS> automatic "ticket number" response that reassured me that my email AS> was received. The web site makes it sound as if there's a million AS> reasons why a false positive might not be accepted - so an automatic AS> confirmation might be a good "self-service" tool. That's a good point. I'll look at that possibility when I rewrite the false processing bot. We're getting a lot of spam lately at our false@ address and I would want to make sure that there was no outscatter. I can tell the bot to only respond to validated senders, but then there is the issue of email reliability in the response... what if you don't get the response I mean. ... There are still folks that occasionally (some frequently) send false reports from unauthorized addresses --- those would not get a response... I'm overthinking this now %^b When I get to the false processing bot I will add a response mechanism. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] False Positive - no reaction?
On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS> Sorry - didn't mean to be "pushy". I just thought that false positives are AS> worse than missed spam, so I had assumed that they would always be at the AS> top of the queue. It is a very tough balancing act. Don't feel bad at all - you're not being pushy. The current goal is to respond in less than 24 hours and if possible to review twice per day. Yesterday a number of urgent tasks toppled that schedule. The first review happened (at around 0600) but there were no FPs at that time. I'm working to increase the review cycle... there are just a lot of things going on right now. Just so everyone knows, we do hear - loud and clear - that responding to FPs is important, and we have been much better about it over the recent past. I expect that service aspect to improve moving forward along with other things. AS> I can wait (PS - would have calmed my nerves, if there had been some AS> automatic "ticket number" response that reassured me that my email was AS> received. The web site makes it sound as if there's a million reasons why a AS> false positive might not be accepted - so an automatic confirmation might be AS> a good "self-service" tool. That's a good point. I'll look at that possibility when I rewrite the false processing bot. We're getting a lot of spam lately at our false@ address and I would want to make sure that there was no outscatter. I can tell the bot to only respond to validated senders, but then there is the issue of email reliability in the response... what if you don't get the response I mean. ... There are still folks that occasionally (some frequently) send false reports from unauthorized addresses --- those would not get a response... I'm overthinking this now %^b When I get to the false processing bot I will add a response mechanism. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] False positive
Pete, other than database update e-mails, I see know e-mails from "@microneil.com" or [EMAIL PROTECTED] in the last 2 days received by my server. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Pete McNeil > Sent: Tuesday, September 13, 2005 4:45 AM > To: John Tolmachoff (Lists) > Subject: Re[2]: [sniffer] False positive > > I have your response in my sent folder. > > I will send it again.. > > _M > > On Monday, September 12, 2005, 8:37:52 PM, John wrote: > > JTL> I also have sent some false positives in the last 2 weeks with no response, > JTL> the lastest being at 09/10/05 at 9:49 AM PDT. > > JTL> John T > JTL> eServices For You > > > >> -Original Message- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] > JTL> On > >> Behalf Of Pete McNeil > >> Sent: Friday, September 09, 2005 5:08 AM > >> To: Ali Resting > >> Subject: Re: [sniffer] False positive > >> > >> On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: > >> > >> AR> Hi Peter, > >> > >> AR> I have submited 3 email to [EMAIL PROTECTED] with all the required > >> AR> fields as per you instaructions on the website, I have not received > JTL> any > >> AR> feedback whether this request has been effected. > >> > >> I cleared the false positives queue last night. I don't see any > >> messages in there from you today. You should have received a response > >> for each submission. I will review my responses and get back to you > >> off list. > >> > >> Thanks, > >> > >> _M > >> > >> > >> > >> This E-Mail came from the Message Sniffer mailing list. For information > JTL> and > >> (un)subscription instructions go to > >> http://www.sortmonster.com/MessageSniffer/Help/Help.html > > > JTL> This E-Mail came from the Message Sniffer mailing list. For > JTL> information and (un)subscription instructions go to > JTL> http://www.sortmonster.com/MessageSniffer/Help/Help.html > > > This E-Mail came from the Message Sniffer mailing list. For information and > (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] False positive
I have your response in my sent folder. I will send it again... _M On Monday, September 12, 2005, 8:37:52 PM, John wrote: JTL> I also have sent some false positives in the last 2 weeks with no response, JTL> the lastest being at 09/10/05 at 9:49 AM PDT. JTL> John T JTL> eServices For You >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] JTL> On >> Behalf Of Pete McNeil >> Sent: Friday, September 09, 2005 5:08 AM >> To: Ali Resting >> Subject: Re: [sniffer] False positive >> >> On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: >> >> AR> Hi Peter, >> >> AR> I have submited 3 email to [EMAIL PROTECTED] with all the required >> AR> fields as per you instaructions on the website, I have not received JTL> any >> AR> feedback whether this request has been effected. >> >> I cleared the false positives queue last night. I don't see any >> messages in there from you today. You should have received a response >> for each submission. I will review my responses and get back to you >> off list. >> >> Thanks, >> >> _M >> >> >> >> This E-Mail came from the Message Sniffer mailing list. For information JTL> and >> (un)subscription instructions go to >> http://www.sortmonster.com/MessageSniffer/Help/Help.html JTL> This E-Mail came from the Message Sniffer mailing list. For JTL> information and (un)subscription instructions go to JTL> http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html