Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
An I missing something? When I try to resolve mtldb.declude.com I get; tracert mtldb.declude.com Unable to resolve target system name mtldb.declude.com. -M - Original Message - From: Serge To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 12:00 AM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail I understand that new declude versions requires an up to date service agreement. But this is a simple IP4r test that can be run with existing versions, so why are they requiring a SA ? BTW, i do have a current SA, so that is not why i am bitchin, but it seems things are starting to get out of hands here. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Maybe, since this was such a different item than what we are used to, a small group of invited beta tests would have been prudent. There was a beta test -- just not quite as thorough as it might have been. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I understand that new declude versions requires an up to date service agreement. But this is a simple IP4r test that can be run with existing versions, so why are they requiring a SA ? BTW, i do have a current SA, so that is not why i am bitchin, but it seems things are starting to get out of hands here. The reason for that is that it isn't easy administering a DNSBL -- there are a lot of costs involved. We're expecting to get tens of millions of queries per day. If someone else was running this test, that would be a different story (for example, if we limited the SPAMCOP test to those with a Service Agreement, I think that would be wrong). Plus, this is something that isn't available anywhere else. It is essentially a new feature to Declude -- and as such, should require a Service Agreement. It is a service, and as such really shouldn't be free. I think that it should be seen as an extra benefit to the Service Agreement, making the Service Agreement more valuable. FWIW, I do agree with management that this should only be available to those with an active Service Agreement. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Scott et al, Standing by the sidelines here trying to keep up with this interesting thread and actually have some extra time to chime in. I am very concerned about installing this upgrade with the false positives being reported, dlls and uninstall bug reported, etc. Will Declude be addressing these issues and providing more information, what the install specifically does, suggested configurations concerning false postitives, warnings, ? I do believe this can be a valuable feature of Declude and like the concept. We do something similar via BlackIce firewall we have used for years as an extra layer of security. Over the last year we modifying the issue list file relating to virus signatures blocking IP's for 24 hours when detected. When the 24 hour block expires and upon the next connect from the IP with no virus signature detected the IP is no longer blocked. You can also manually unblock if a customer requests after verifying their work station is clean of virus'. Doing so has created a little extra end user support for us from time-to-time. However, customers love us afterwards because we helped them identify their workstation was infected by a virus unbeknownst to them. Something similar to this automation with Declude would seem helpful. Thanks. -Don Don Schreiner CompBiz, Inc. www.compbiz.net 407-322-8654 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 8:08 AM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail An I missing something? When I try to resolve mtldb.declude.com I get; tracert mtldb.declude.com Unable to resolve target system name mtldb.declude.com. That is by design -- mtldb.declude.com should not be resolvable. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- CompBiz.Net scanned for Virus' --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
R. Scott Perry wrote: The management could have just said, Scott, you did a great job in the past; take this new project and just do it however you like. But that would have just increased their reliance on me -- whereas this way, I can help mold the new company. They can learn from their mistakes this way (and the mistakes are relatively minor), and move from an average team with above average members to an above average team. The mistakes with this were not relatively minor. While I'm not using the test, others seem to indicate that it is better at detecting ham than it is at detecting spam. Now anyone that installed this is scoring a massive number of false positives at 8 points on their system, and there has yet to be a public announcement from Barry, or an acknowledgment from you as to the issue. This doesn't affect me at all, but it causes me pause. If that's the way that they and you want to run their business, that's your prerogative. As a customer, I'm taken back by not only the release, but also by your response, and I'm very disappointed that there now seems to be a large disconnect between those that are calling the shots, and your customers. This has made me start to rethink my choices because I can't rely on something that has become progressively abstract and recent developments are starting to scare me much more. If you put yourself in my shoes, you would feel exactly the same way. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New Phishing attempt
Just FYI for y'all.. I just go this in one of our mail accounts: ___ Dear Wells Fargo account holder, We regret to inform you, that we had to block your Wells Fargo account because we have been notified that your account may have been compromised by outside parties. Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account. These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. In order that you may access your account we must verify your identity by clicking on the link below. Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed below. Thank you for your time and consideration in this matter. Please follow the link below and renew your account information https://online.wellsfargo.com/cgi-bin/signon.cgi Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity. ___ Clicking on the above link takes you here: http://online_wellsfargo_com_account.rndsystems.co.kr:7308/wells.htm ___ Internet headers of message: Received: from sunshim [211.238.153.250] by mail.crescentdigital.com (SMTPD32-6.06) id AC3F1C70038; Sat, 10 Jul 2004 13:49:51 -0400 From: Wells Fargo National Association [EMAIL PROTECTED] To: Hostmaster [EMAIL PROTECTED] Subject: Your account at Wells Fargo has been suspended Date: Sun, 11 Jul 2004 02:46:38 +0900 Reply-To: Wells Fargo National Association [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 X-Priority: 3 (Normal) Importance: Normal X-Mailer: EM: 4.52.0.790 Content-Type: multipart/alternative; boundary=_PartID_397661559923674 X-RBL-Warning: HELOBOGUS: Domain sunshim returns a server failure for MX or A records. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 211.238.153.250 with no reverse DNS entry. X-Declude-Sender: [EMAIL PROTECTED] [211.238.153.250] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: HELOBOGUS, REVDNS [9] X-Note: This E-mail was sent from [No Reverse DNS] ([211.238.153.250]). X-RCPT-TO: [EMAIL PROTECTED] X-UIDL: 381729393 Status: U --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
does this mean we should stop using the test once our SA expires if we choose not to renew ? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 12:07 PM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail I understand that new declude versions requires an up to date service agreement. But this is a simple IP4r test that can be run with existing versions, so why are they requiring a SA ? BTW, i do have a current SA, so that is not why i am bitchin, but it seems things are starting to get out of hands here. The reason for that is that it isn't easy administering a DNSBL -- there are a lot of costs involved. We're expecting to get tens of millions of queries per day. If someone else was running this test, that would be a different story (for example, if we limited the SPAMCOP test to those with a Service Agreement, I think that would be wrong). Plus, this is something that isn't available anywhere else. It is essentially a new feature to Declude -- and as such, should require a Service Agreement. It is a service, and as such really shouldn't be free. I think that it should be seen as an extra benefit to the Service Agreement, making the Service Agreement more valuable. FWIW, I do agree with management that this should only be available to those with an active Service Agreement. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] MTLDB effectiveness
I can't say that I am overwhelmed with the effectiveness of the MTLDB test thus far. Every single email I have seen come through my server with the MTLDB test triggered on it has been a false positive - in fact, it seems that user not found automated messages originating from the mail servers various ISP's (including HOTMAIL) are a favorite of MTLDB. Is it possible that users with infected machines are sending through their own ISP's servers, and those servers' IP addresses are then being listed in the MTLDB, causing it to show false positives on any mail coming from those servers? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
As a long-time Declude Junkmail/Virus user I feel the need to chime in: FIRST -- many thanks to the list folks for explaining this new thing. Thankfully, I read the list for a few days and decided to not install this beast at all rather than being yet another guina pig. SECOND -- I too am very disappointed by this whole scenario. The biggest attaction to Declude has been the transparency of the product and it's support. An official slogan for Declude might have been of the tech, for the tech, by the tech. It's the only product that was 100% on the same philosophy and thinking that most of us have as techs/admins versus the suits/marketing types at Imail and other vendors. With this new feature, it is clear the new owners (suits) are calling the shots. That's ok, afterall, one can expect Declude to remain a one-man show for ever and still be in business, but it is, of course, disappointing to see Declude slide and decline to the same level as most other vendors. What is MOST ANNOYING, is the lack of transparency with this new feature. It comes with a turnkey auto-installer that mucks with our crucial config files rather than telling us what to do, it doesn't explain what it did, and the test itself was obscure without any good technical background on what it does, how it works, etc. Only after Scott's explanation that Declude is essentially running a DNSBL service, not just a test, and thus the rationale for having paid-up SA (which we have) does seem reasonable, but it was sliped in under backdoor instead of being up-front and explaining this in the rollout. Quite honestly, this seemed like phone home vendor SpyWare and the fact that it was rolled out to us so nonchalently seems to indicate a new arrogance for Declude which most of us, unfortunately, have the pleasure of experiencing daily with many of our other software vendors but never expected Declude to join the fray. My personal assessment is this was intentionally a dry run of a mediocure new feature (witness all the reports of huge false positives) and the real thing here was Declude testing a new methodology for them to roll-out optional services tied to current customer SA's. I assume the next step would be to have some of these new features sold as options and require additonal payment. (The mechanism to verify customer SA's could easily extend to verifying purchase of optional components). This new strategy of slicing the baloney thinly and starting to charge for every new piece is exactly the traditional vendor approach that we hate and loved Declude for avoiding. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott MacLean Sent: Saturday, July 10, 2004 1:06 AM To: [EMAIL PROTECTED] Subject: RE: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail And there is one other thing that seems to be missed... Declude is not a simple thing to implement and configure. Those of us running it are more than capable of adding a line to our config files and deciding how to weight it/configure it/otherwise implement it. We don't NEED a click OK to install GUI that does something to our configurations that we're going to have to go change anyway. At 09:19 PM 07/09/2004, Todd Holt wrote: I have a message more for management more than Scott (and I hope they are listening!): Don't fix what aint broken! Declude has a solid following because of the way that Scott has treated IMail users in the past with feature upgrades, release methods and great support. If the new management is going to restrict or force Scott's efforts then the result will be a loss of customers. We are a rather finicky group!! And we know how to latch onto a good product or dump a bad one. I know that Scott is not in complete control any more, but I hope that corporate bureaucracy is not introduced into an otherwise smooth running product. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, July 09, 2004 4:39 PM To: [EMAIL PROTECTED] Subject: Re: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail We know the Computer Horizons was sold, how much control do you have over Declude these days? That depends on how you define control (no, I'm not a politician!). In this case, the level of control isn't clearly defined. The transition of management can be tricky, and needs to be handled carefully. If the new owners wanted nearly 100% control, they could have it (I definitely would not support that decision, though, and on the other hand, I'm sure they wouldn't try to do that). But it is important for the new owners to have as much control as possible, within reason. Put another way, while the new owners do some things differently than I
RE: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
Folks, The one thing about Declude is that the documentation has always been minimal (I'm trying to be polite here and not use any expletives) Instead of a new pretty facade for Declude (new website) and this new questionable feature rollout, how about getting the owners to hire some really good tech writers and write a great manual with lots of user examples and scenarios? A decent manual would go a long way towards making the products more usable by less than rocket-scientist customers and broaden the market appeal of the products. - And there is one other thing that seems to be missed... Declude is not a simple thing to implement and configure. Those of us running it are more than capable of adding a line to our config files and deciding how to weight it/configure it/otherwise implement it. We don't NEED a click OK to install GUI that does something to our configurations that we're going to have to go change anyway. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] The reason for that is that it isn't easy administering a DNSBL -- there are a lot of costs involved. We're expecting to get tens of millions of queries per day. If someone else was running this test, that would be a different story (for example, if we limited the SPAMCOP test to those with a Service Agreement, I think that would be wrong). Plus, this is something that isn't available anywhere else. It is essentially a new feature to Declude -- and as such, should require a Service Agreement. It is a service, and as such really shouldn't be free. I think that it should be seen as an extra benefit to the Service Agreement, making the Service Agreement more valuable. FWIW, I do agree with management that this should only be available to those with an active Service Agreement. And how are you preventing anyone but current customers with active SAs from using the DNSBL? If someone knows the test site hostname, what is to prevent them from using it? Also, it does not appear that this IP4R test is very robust as almost all queries posted to the server fail with a response of srvfail or timeout with no servers could be reached. Right now it is very rare for mtldb.declude.com to come back with a valid response, either positive or negative. I've got to say that Computerized Horizons struck-out big time on this one. Not only is the test flawed (hitting way more legit mail than spam), it was supplied in a most bizarre fashion. One of the most appealing thing I found about the Declude products was the fact that they were so open and understandable, much like open-source software in the UNIX/Linux world. However, this last update changed all of that and, thus, left a lot to be desired. I know that change is inevitable, but I don't recall anyone asking for graphical installs or graphical upgrades on this list, and I for one hope that Computerized Horizons goes back to the old tried-and-true methods that have worked so well in the past. In the mean time, I have disabled this test because of it very high false-positive hit rate and extremely low valid hit rate on actual spam message. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
does this mean we should stop using the test once our SA expires if we choose not to renew ? That is correct. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLDB effectiveness
I can't say that I am overwhelmed with the effectiveness of the MTLDB test thus far. Every single email I have seen come through my server with the MTLDB test triggered on it has been a false positive - in fact, it seems that user not found automated messages originating from the mail servers various ISP's (including HOTMAIL) are a favorite of MTLDB. Is it possible that users with infected machines are sending through their own ISP's servers, and those servers' IP addresses are then being listed in the MTLDB, causing it to show false positives on any mail coming from those servers? We do plan to address the issue with false positives, and expect to find a solution to the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
SECOND -- I too am very disappointed by this whole scenario. The biggest attaction to Declude has been the transparency of the product and it's support. An official slogan for Declude might have been of the tech, for the tech, by the tech. It's the only product that was 100% on the same philosophy and thinking that most of us have as techs/admins versus the suits/marketing types at Imail and other vendors. With this new feature, it is clear the new owners (suits) are calling the shots. That is true -- and that is the way that it should be. :) As John pointed out, we are essentially testing the waters here. It's a chance for the new owners and myself to see how they operate. Remember, they haven't been in the anti-spam/anti-virus business as long as I have. They are not (yet) experts in this industry. They are going to make mistakes. It's only by making mistakes and learning from them that they can effectively take over this business. If I just tell them what to do, they aren't going to be running the business, and they aren't going to be able to add anything to it. If I guide them, they can learn, and become experts with a very strong business background and a tech edge. That's ok, afterall, one can expect Declude to remain a one-man show for ever and still be in business, but it is, of course, disappointing to see Declude slide and decline to the same level as most other vendors. Rather than thinking of it as sliding and declining, how about thinking of it as the new owners starting at the same level as most other vendors (where they would naturally start), and me guiding them up to where Declude has been. What is MOST ANNOYING, is the lack of transparency with this new feature. It comes with a turnkey auto-installer that mucks with our crucial config files rather than telling us what to do, it doesn't explain what it did, and the test itself was obscure without any good technical background on what it does, how it works, etc. It's also important to remember that one of the biggest costs in selling software is support. And we (including me) spend a lot of time with people that just shouldn't be running a mailserver. Heck, even people who know what they are doing can get mislead by Windows sometimes (I'm *POSITIVE* the file is named global.cfg, not global.cfg.txt -- Windows Explorers says so!, where Windows Explorer is hiding the .txt extension). We (both the new management and myself) figure that an install program for Declude and a GUI interface is going to help reduce the support requirements (which makes us and new customers happy). Think of this as a test run for those. With input from this, we can help ensure that the install/GUI goes more smoothly than it otherwise might. My personal assessment is this was intentionally a dry run of a mediocure new feature (witness all the reports of huge false positives) and the real thing here was Declude testing a new methodology for them to roll-out optional services tied to current customer SA's. I assume the next step would be to have some of these new features sold as options and require additonal payment. (The mechanism to verify customer SA's could easily extend to verifying purchase of optional components). This new strategy of slicing the baloney thinly and starting to charge for every new piece is exactly the traditional vendor approach that we hate and loved Declude for avoiding. FWIW, I can't see that happening. The owners are aware that there are ways to get more money out of existing customers, but they also know the value of a happy customer. They haven't raised any prices, which they could have easily done. They haven't switched the focus of Declude to target the bigger fish out there. There's a reason that I am here responding at 4:30 on a Saturday afternoon. There are a lot of other things that I can be doing. One of my main concerns about finding new management for Declude was that my customers would be treated well. And I am quite confident that will happen. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
And how are you preventing anyone but current customers with active SAs from using the DNSBL? If someone knows the test site hostname, what is to prevent them from using it? We'll be monitoring it, and if it appears as though it is being misused, we may restrict by IP address. Also, it does not appear that this IP4R test is very robust as almost all queries posted to the server fail with a response of srvfail or timeout with no servers could be reached. Right now it is very rare for mtldb.declude.com to come back with a valid response, either positive or negative. I'll have to look into that. There is a known issue where some lookups are not working properly, but I was unaware that there were any timeouts or server failures. I know that change is inevitable, but I don't recall anyone asking for graphical installs or graphical upgrades on this list, and I for one hope that Computerized Horizons goes back to the old tried-and-true methods that have worked so well in the past. The reason few people ask on this list is because the people that need the GUIs and install programs are the ones that say What's a mailing list? It's hard for some of us to believe, but there are a lot of mailserver admins out there that don't know what a mailing list is. As for the tried and true methods of the past, please watch for future developments. This is a key moment for the new management, and I believe I will steer them in the right direction. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Standing by the sidelines here trying to keep up with this interesting thread and actually have some extra time to chime in. I am very concerned about installing this upgrade with the false positives being reported, dlls and uninstall bug reported, etc. Will Declude be addressing these issues and providing more information, what the install specifically does... That's what I am working on. As for the install, it has you register on our website (if you have not done so yet), and adds a line to the global.cfg file. The install program was really designed for non-techies. ... suggested configurations concerning false postitives, warnings, ? We're working on that. The beta period was unfortunately short and not as widespread as it should have been. I do believe this can be a valuable feature of Declude and like the concept. Agreed. We do something similar via BlackIce firewall we have used for years as an extra layer of security. Over the last year we modifying the issue list file relating to virus signatures blocking IP's for 24 hours when detected. When the 24 hour block expires and upon the next connect from the IP with no virus signature detected the IP is no longer blocked. The difference here is that the test is designed to block spam from hijacked computers, rather than block viruses, so the IPs need to be in the database for quite some time. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
The mistakes with this were not relatively minor. While I'm not using the test, others seem to indicate that it is better at detecting ham than it is at detecting spam. Now anyone that installed this is scoring a massive number of false positives at 8 points on their system, and there has yet to be a public announcement from Barry, or an acknowledgment from you as to the issue. The issue is that this test was developed with just minor input from me, which included only a very short beta period. That's why there are the issues that are being discussed here. This doesn't affect me at all, but it causes me pause. If that's the way that they and you want to run their business, that's your prerogative. I personally think that it is the best way to transition a business. Again, we should focus on the *next* project, rather than this one. The most important question is whether the issues that are being brought up here are addressed in the next project. If not, there is serious cause for concern; if so, this project has helped bring the new management to the level we all want to see them at. As a customer, I'm taken back by not only the release, but also by your response, and I'm very disappointed that there now seems to be a large disconnect between those that are calling the shots, and your customers. Would you mind elaborating on this a bit? What do you think could be done to improve the situation? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
That's what I am working on. As for the install, it has you register on our website (if you have not done so yet), and adds a line to the global.cfg file. The install program was really designed for non-techies. At some point when this gets ironed out will the config line be made available either through the list or through directly emailing support to verify that you have an active support agreement? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] As for the tried and true methods of the past, please watch for future developments. This is a key moment for the new management, and I believe I will steer them in the right direction. Because of your positive track-record, Scott, I am willing to wait and see how future developments go. You have certainly earned that level of respect from me. Thanks for the feedback! Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Ditto! Go enjoy whats left of your weekend. Jay - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 3:52 PM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail - Original Message - From: R. Scott Perry [EMAIL PROTECTED] As for the tried and true methods of the past, please watch for future developments. This is a key moment for the new management, and I believe I will steer them in the right direction. Because of your positive track-record, Scott, I am willing to wait and see how future developments go. You have certainly earned that level of respect from me. Thanks for the feedback! Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
R. Scott Perry wrote: This doesn't affect me at all, but it causes me pause. If that's the way that they and you want to run their business, that's your prerogative. I personally think that it is the best way to transition a business. Again, we should focus on the *next* project, rather than this one. The most important question is whether the issues that are being brought up here are addressed in the next project. If not, there is serious cause for concern; if so, this project has helped bring the new management to the level we all want to see them at. In this case I'm mostly concerned that this got out the door and the environment that allowed for that. The idea is very honorable, but using the data that you have, I'm pretty sure that it's impractical to implement without spending much more time on it. There are other issues such as privacy that I'm not comfortable with either. If you are going to gather information from our systems and use this information for other purposes such as this, you should put a strict privacy policy in place and allow people to opt-out without turning off their forging virus detection capabilities. In this case, I worry that any of my clients that might have sent a virus is now listed in your database and potentially being blocked by other admins, and I would prefer that my data not be used in this test since it is not accurate and could cause issues for my customers. I think that it's my responsibility to look after this data since it came from my service, but I have had no input on how it is used. The new management should be more conscious of such things, and I think this would be expected in this industry to have an opt-in policy with a disclaimer about it's use. I share my data with Sniffer, although it is not personally identifiable, and it's my choice as to whether or not to share it. As a customer, I'm taken back by not only the release, but also by your response, and I'm very disappointed that there now seems to be a large disconnect between those that are calling the shots, and your customers. Would you mind elaborating on this a bit? What do you think could be done to improve the situation? I would recommend pulling the test by emptying the zone. Like you said, there are a lot of admins that don't know how to actually administrate, and they are likely to just install this test and forget about it. I'm a bit alarmed by the lack of corrective action here, and personally I don't believe that you can make accurate use of this data without a process such as the one used by CBL that limits nominations by way of reverse DNS patterns, and that will take time (proving me wrong would also be fully acceptable). So while I believe that it was a mistake that it got out the door in the first place, I think it's also a mistake not to react to it more aggressively. This doesn't affect me, but it is telling so far as how well the new management understands the environment, and how responsive they are to their customers needs. I believe the proper recommendation would be to not install this test at this time, am I incorrect about that? As far as improving the situation goes, there are a lot of things that make me feel uncomfortable, primarily because it seems like we're still talking to you, but other people are calling the shots and doing development with seemingly little interaction from this community. If you look at the features added to Declude in the last year or so (my history here at least), it appears that all the major developments except for CMDSPACE came from interacting with people in this group, some of course more obvious than others, and given the new owner's inexperience in this market, it would make sense that they at least read the list and maybe ask questions. The isolation from the wealth of knowledge that exists here makes no sense to me. I'm very much unsure now if the new owners are concerned enough about people like myself that are operating gateway services and seek a higher level of flexibility. I am guessing that they see more potential in the single domain/ISP type implementations and have bought into the idea that one must provide a GUI so that less experienced admins can make better use of the product, and that the power users needs may not justify to them the commitment or resources necessary to keep us happy. I wouldn't blame them for that choice if they made it, although I think that the brain trust of Declude to date has evolved as combination of yourself and those that participate on this list, and that represents both goodwill and intellectual value which is hard to measure in terms of revenue. If they are going to refocus their efforts on building a brainless application over a configurable application, I would really want to know because that will probably end up affecting my business. I'm completely in the dark about what the new management is
RE: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
As John pointed out, we are essentially testing the waters here. It's a chance for the new owners and myself to see how they operate. Remember, they haven't been in the anti-spam/anti-virus business as long as I have. They are not (yet) experts in this industry. They are going to make mistakes. It's only by making mistakes and learning from them that they can effectively take over this business. If I just tell them what to do, they aren't going to be running the business, and they aren't going to be able to add anything to it. If I guide them, they can learn, and become experts with a very strong business background and a tech edge. But there is one thing missing in this whole issue that I have been waiting to see if it would come about, but has not. Therefore, I am going to state the fact. Yes, this is a good way for them to get their feet wet and all that. But... I have not seen any post by Barry or any others of the new team saying Hey, this is something we thought we would try and it had a good idea and thought but gee wiz golly oops there are some issues with it and we value your opinions of this test and will your comments to help us better understand and prepare for the future. Nothing personal Scott, but so far all we have seen is your responses defending it maybe a little more adamantly than you need to. Testing the waters if fine. But when a person steps into hot water, it would be normal for that person to react and say ouch or something. Besides, the first rule of making mistakes is admitting it. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Support Agreements
Starting a new thread so as not to muddle the existing ones. For those of us that support/maintain/consult on other Imail/Declude servers, I think it would be a good idea to allow us to check the status of a SA for a particular server we work on, and if valid, do what ever we need to on the server without having to have that client or a special e-mail set up for activation or what ever. Example, on this new test. (Which I have not implemented yet.) Instead of registering for each server I work on, I could just check the database or file or webpage or whatever to see if there is a valid SA for it, and if so just add the line to their configuration files. If not, advise them that they have no current valid SA and that will limit what I can do on the server. BTW, I kind of thought that maybe that is what the Affiliate program was going to be, but since I have now applied 3 times with no response, I guess once again do not assume. Oh wait, maybe they are trying to tell me something. ;) (Trying to throw some humor in here.) John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Here is a potential problem with this test. I have a backup MX server that forwards all to my main server. Yes, 95% of the e-mail that flows through this server is spam/virus. However, since Declude Virus does not allow you to bypass and IP, Declude Virus sees all e-mail coming through that server as from that IP, and that IP is listed if your virus database. Now, say for what ever reason a outgoing e-mail from one of my clients has that IP in the headers as hop 1 or 2. (I have a client right now sending all outgoing through that server until I am able to resolve another issue.) They happen to send to a domain that is using Imail/Declude and is using this new test. Their message is going to false positive on that test. Therefore, this goes back to requesting a feature in Declude Virus of IPBYPASS. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I wouldn't blame them for that choice if they made it, although I think that the brain trust of Declude to date has evolved as combination of yourself and those that participate on this list, and that represents both goodwill and intellectual value which is hard to measure in terms of revenue. If they are going to refocus their efforts on building a brainless application over a configurable application, I would really want to know because that will probably end up affecting my business. The way I see it happening, there would be a cute install program and GUI interface -- but everything could still be manually configured. FWIW, I would have added an install program and GUI had I had time. You would be surprised how many people ask support I just bought Declude JunkMail and it hasn't blocked any spam, what is wrong?, simply because they didn't change the default configuration (with the WARN action for all tests) to block spam. For every person on this list (who tends to be quite knowledgeable about computers, or working to get to that point), there are several off the list that either don't have the knowledge or don't have the time to learn about the configuration. The install program and GUI interface don't necessarily need to take away from advanced features (some of which have been getting added to interims over the past few months). You could add new features by releasing a combination of executable and a separate GUI application, and still allow power users to avoid the GUI system all together. That is exactly how I see it being done. :) In the mean time, it would make sense to also spend some time tightening up loose ends which have not been getting that much attention. If you asked for everyone's top 5 list from around here at least, I'm pretty sure that it would include things besides a new DNSBL test on virus data with a GUI installer, or the GUI itself. Declude is very capable at the moment, but there are some loose ends that could be tied up over a short period of time that would really help finish the foundation. Voicing what those are in this list however would be a waste of time if those that are calling the shots aren't listening. FWIW, at this point, I am almost completely in charge of adding new features to Declude. Yes, management could veto my decisions about Declude, but they know that could be very risky. If you want a list, I'll draft one for you, but I don't wish to bogart your time, and I have one request outstanding that I feel is my #1 wish and is widely sought by your customer base from what I can tell. I'm working on that one. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
At some point when this gets ironed out will the config line be made available either through the list or through directly emailing support to verify that you have an active support agreement? I'm going to recommend that in the future, they provide a way of bypassing the whole 5MB download process for people who don't want it -- where people could go to a URL to either register or log on, and then get the information they need to add the test manually. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
But there is one thing missing in this whole issue that I have been waiting to see if it would come about, but has not. Therefore, I am going to state the fact. Yes, this is a good way for them to get their feet wet and all that. But... I have not seen any post by Barry or any others of the new team saying Hey, this is something we thought we would try and it had a good idea and thought but gee wiz golly oops there are some issues with it and we value your opinions of this test and will your comments to help us better understand and prepare for the future. I'm going to be letting Barry know about what is going on with this thread. He doesn't monitor this list, but does get a copy of every single support request that comes in, which in my opinion is more important at this stage. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Support Agreements
Example, on this new test. (Which I have not implemented yet.) Instead of registering for each server I work on, I could just check the database or file or webpage or whatever to see if there is a valid SA for it, and if so just add the line to their configuration files. If not, advise them that they have no current valid SA and that will limit what I can do on the server. Unfortunately, this is difficult to accomplish -- the main problem is in determining that you have authority to check the information on other users. BTW, I kind of thought that maybe that is what the Affiliate program was going to be, but since I have now applied 3 times with no response, I guess once again do not assume. Thanks for letting me know about this -- I'll pass this on to the person handling the affiliate program. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Forgive me, but I don't really see the rationale that because an IP address has been flagged as sending viruses that it is also sending out SPAM. Can someone enlighten me on this ? jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
I'm going to be letting Barry know about what is going on with this thread. He doesn't monitor this list, but does get a copy of every single support request that comes in, which in my opinion is more important at this stage. But isn't this list considered the first line of support? Therefore, I would think that Barry would be at least subscribed to the list so he can see what is going in real time, whether or not he has time or the ability to respond. Which in response to your response on another response (follow that) those that are contacting Declude via support, I hope you are pointing them to this list, as that will take off some of the load from you. BTW, who does the live support? (Please do not tell me outsourced.) John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
- Original Message - From: Jeff Pereira [EMAIL PROTECTED] Forgive me, but I don't really see the rationale that because an IP address has been flagged as sending viruses that it is also sending out SPAM. Can someone enlighten me on this ? It is thought that systems that have been compromised by a virus can also be hijacked by spammers to send out spam. While this is true in many instances, I believe that this is also the flaw in the new MTLDB test. In my experience, most people that get infected by a virus act pretty quickly to clean patch their machines. That's probably why we are seeing such a high false-positive hit rate with this test. With that said, I'm not sure what they can do to make this test more accurate and reliable, but I will wait and see, and maybe possibly be shown the light and re-enable the test in the future. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Forgive me, but I don't really see the rationale that because an IP address has been flagged as sending viruses that it is also sending out SPAM. Can someone enlighten me on this ? Most reports are that more than 50% of all spam is now coming from zombies, which typically are home computers that were infected by a virus that installs a trojan horse that the spammer has control over. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
But isn't this list considered the first line of support? This list often discusses very technical issues, pushing Declude to its limits, feature requests, etc. Those are important issues for management to be aware of, but for them to get up to speed, monitoring the day-to-day support requests seem more appropriate. BTW, who does the live support? (Please do not tell me outsourced.) It is not outsourced. :) It's the same people who respond to the support questions, which normally are David and myself. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
letting Barry know about what is going on with this thread. He doesn't monitor this list Wow - I kind of knew this all along, but still Wow!. For a company of your size, management having the finger on the pulse of their customer base is one of the foremost priorities. The fact that they are willing to fly blind and make or veto critical decisions without having a feel for the day-to-day issues and concerns of their customers speaks volumes by itself. It validates my very personal gut feeling I've been having since the ownership change. It's a sad affair that someone has to let them know about what's going on on their OWN list! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Forgive me, but I don't really see the rationale that because an IP address has been flagged as sending viruses that it is also sending out SPAM. Can someone enlighten me on this ? Some of the newest viruses are written and designed with the sole purpose in mind that they become zombie SMTP servers. Then, when given a command, the propagate spam either that was sent to them, or that the virus retrieves from another server. There have even been some news articles saying this. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New Multiple Threat Lookup Database test for Declude JunkMail
BTW, who does the live support? (Please do not tell me outsourced.) It is not outsourced. :) It's the same people who respond to the support questions, which normally are David and myself. As if you do not have enough work to do... BTW, it is now 8:30 PM there. Time for your regular Saturday night. Let the interns finish. ;-) John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Jeff, I for one agree with you. This test seems worse than useless to me. To somehow think that an IP address that was previously infected by a virus has anything to do with SPAM is beyond me. Seems like a dangerous test that I want no part of. -Joe - Original Message - From: Jeff Pereira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 6:59 PM Subject: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam Forgive me, but I don't really see the rationale that because an IP address has been flagged as sending viruses that it is also sending out SPAM. Can someone enlighten me on this ? jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Most reports are that more than 50% of all spam is now coming from zombies, which typically are home computers that were infected by a virus that installs a trojan horse that the spammer has control over. -Scott --- I don't know if that's an accurate figure or not, but it seems like a lot of work for a spammer that can use any of thousands easier ways to send their messages. Additionally as Microsoft and others continue to lock down their products this should not be much of an issue. This seems like a pet project gone wild or something like that. Somebody came up with an elaborate test for a non-issue. If Declude would have put as much effort into developing a private, and very accurate DNS based SPAM test then I would be singing praises. Just my opinion. -Joe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Thanks for the response, it puts my anxiety more at ease having some of these things answered. If you want to get Dave up to speed faster, loan him to me for a month and I'll show him this side of things. Free room and board :) But seriously, if they aren't ready for what gets said here, maybe they shouldn't be making certain decisions, designing installers and implementing RBL's quite yet? I wouldn't expect even the best and brightest to pick up on that stuff so fast. Being sheltered from it for a period of time probably makes sense, just not what they are doing as a whole, or at least without more guidance. They will take years in isolation for them to recognize the need for some of the things that get discussed here, especially since as you accurately point out, most don't even get the basics and these are the people that they interact with the most. These people are a good segment to spend more time accommodating than you have been able to traditionally, but they are just one side of the business. I'm all for your GUI because I know it will make your business more successful even though it will probably be of no use to me at this point. I certainly could have used it in the beginning and I would have probably bought Declude earlier than I did. I'll bet that Dave might even be able to teach you a few things in that regard, and it would keep them out of playing with the executable for that much longer :) Matt R. Scott Perry wrote: I wouldn't blame them for that choice if they made it, although I think that the brain trust of Declude to date has evolved as combination of yourself and those that participate on this list, and that represents both goodwill and intellectual value which is hard to measure in terms of revenue. If they are going to refocus their efforts on building a brainless application over a configurable application, I would really want to know because that will probably end up affecting my business. The way I see it happening, there would be a cute install program and GUI interface -- but everything could still be manually configured. FWIW, I would have added an install program and GUI had I had time. You would be surprised how many people ask support I just bought Declude JunkMail and it hasn't blocked any spam, what is wrong?, simply because they didn't change the default configuration (with the WARN action for all tests) to block spam. For every person on this list (who tends to be quite knowledgeable about computers, or working to get to that point), there are several off the list that either don't have the knowledge or don't have the time to learn about the configuration. The install program and GUI interface don't necessarily need to take away from advanced features (some of which have been getting added to interims over the past few months). You could add new features by releasing a combination of executable and a separate GUI application, and still allow power users to avoid the GUI system all together. That is exactly how I see it being done. :) In the mean time, it would make sense to also spend some time tightening up loose ends which have not been getting that much attention. If you asked for everyone's top 5 list from around here at least, I'm pretty sure that it would include things besides a new DNSBL test on virus data with a GUI installer, or the GUI itself. Declude is very capable at the moment, but there are some loose ends that could be tied up over a short period of time that would really help finish the foundation. Voicing what those are in this list however would be a waste of time if those that are calling the shots aren't listening. FWIW, at this point, I am almost completely in charge of adding new features to Declude. Yes, management could veto my decisions about Declude, but they know that could be very risky. If you want a list, I'll draft one for you, but I don't wish to bogart your time, and I have one request outstanding that I feel is my #1 wish and is widely sought by your customer base from what I can tell. I'm working on that one. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Seems that Computerized Horizons should read their own press releases before sending them to Business Wire. If a current Service Agreement is required then the following paragraph from the Computerized Horizons pr is a lie: Although immediately available at no charge to current Declude 'JunkMail' customers the company is open to discussing licensed access by others wishing to eradicate this threat. The test is NOT free to current Declude 'JunkMail' customers if a current Service Agreement is required. Here's the Press Release by Computerized Horizons if interested: http://www.tmcnet.com/usubmit/2004/Jul/1055222.htm Hope they issue a correction! -Joe - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 3:08 PM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail does this mean we should stop using the test once our SA expires if we choose not to renew ? That is correct. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Joe Wolf wrote: I don't know if that's an accurate figure or not, but it seems like a lot of work for a spammer that can use any of thousands easier ways to send their messages. Additionally as Microsoft and others continue to lock down their products this should not be much of an issue. It was misguided, but the basis for the idea is solid. 'Zombies' account for about 60% to 65% of my spam currently, and the percentage that comes from these hijacked computers has risen by over 50% since March, and despite the fact that Congress legalized static-type spammers (ones that own their spam servers instead of hijacking others). These spam zombies start out as infected machines, and there is no doubt that some viruses were designed to be used to create networks of spam zombies. These viruses install the necessary SMTP software for delivering E-mail and they will phone home to report themselves ready for duty. It's widely reported as well that networks of zombies are leased by individuals for spamming. There are probably over 100,000 spam zombies in use during a 24 hour period based on statistics that I have seen from SenderBase. The problem with this test is that a minority of infected computers will be used for spamming, and there is no good way to isolate those machines from others. Over time, this list of IP's would probably cover more than half of the active zombies, but it would also cover many other unexploited sources. There are other issues such as servers bouncing viruses to forged from addresses and truely dynamic IP's that IMO make this test impractable. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Are these zombie machines also not trying to spread the same virus allowing them to exploit smtp to other machines? This was my understanding this occurred and my previous reference to using similar strategy with BlackIce blocking IP's for 24 hours with detected signatures. Thus also blocking Spam outgoing from these same machines. -Don - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 8:16 PM Subject: Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam Forgive me, but I don't really see the rationale that because an IP address has been flagged as sending viruses that it is also sending out SPAM. Can someone enlighten me on this ? Most reports are that more than 50% of all spam is now coming from zombies, which typically are home computers that were infected by a virus that installs a trojan horse that the spammer has control over. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- CompBiz.Net scanned for Virus' --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Most reports are that more than 50% of all spam is now coming from zombies, which typically are home computers that were infected by a virus that installs a trojan horse that the spammer has control over. I don't know if that's an accurate figure or not, but it seems like a lot of work for a spammer that can use any of thousands easier ways to send their messages. That is how spammers are sending out their spam these days. They started off using open relays, but as more and more people started closing open relays (and as more and more spam databases appeared that could be used to block E-mail from open relays), spammers had to find other ways. They found viruses and realized that they could install trojans on hundreds of thousands of computers, and send out much more spam than they could before. They started doing this several years ago. Maybe there are thousands of easier ways they could be doing it, but they aren't. The experts are all agreed that the majority of spam is coming from these zombies. Additionally as Microsoft and others continue to lock down their products this should not be much of an issue. Hopefully so. But today that just isn't the case. Take a look at the spam you are getting, and check out the reverse DNS entries that they are coming from. You should see a lot of reverse DNS entries that you recognize as being cable/DSL lines that got infected. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
Are these zombie machines also not trying to spread the same virus allowing them to exploit smtp to other machines? This was my understanding this occurred and my previous reference to using similar strategy with BlackIce blocking IP's for 24 hours with detected signatures. Thus also blocking Spam outgoing from these same machines. The way it normally works is that the computer gets infected, and it either downloads a trojan horse then, or downloads it later -- but it starts spreading the virus immediately. Then days/weeks/months later, the spammer finds the infected computer, connects to it, and tells it to send spam. So blocking the IP for 24 hours (or until it has stopped sending viruses for 24 hours) helps reduce the load of a mailserver virus scanner, but doesn't help with spam. It's only later (much later) that the spam starts getting sent out. These IPs are ones that should not be sending mail directly, so even if they are listed, it should not block their legitimate E-mail (which would go through the ISP's mailserver). The issue of mailservers getting listed accidentally for various reasons is one that we are going to be investigating. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] The glass is half full
/lurk Meh. I think most angles on this incident have been covered. Stuff was definitely done wrong, but with reasonable business goals behind Computing Horizon's thinking. Some of those didn't mesh well with the active 10-20 power users on the mailing list. For example, I'm sure that a GUI featured prominently on the wish list for those who did the survey. Also, new features probably shouldn't roll out as v1.0, but perhaps as a public beta, and with soup to nuts documentation, and Scott has noted that these are lessons learned. I note that we're not the marketing target if the Declude subscriber base is going to grow; the Declude products started out as excellent add ons to IMail, but have clearly outpaced that description. Heck, I've noted here several times that I bought Declude, and IMail to run it on. CPHZ will grow its profits through more subscribers, not nickle and diming existing subscribers. Subscribers will certainly benefit from Scott leading new features. CPHZ will do better, I'm sure. Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
I don't know if that's an accurate figure or not, but it seems like a lot of work for a spammer that can use any of thousands easier ways to send their messages. Additionally as Microsoft and others continue to lock down their products this should not be much of an issue. Not much work at all. The Trojan phones home, spammer gives it instructions, and off you go. And sorry, but Microsoft does not control all those home computers that are the ones being infected. Example, I helped a friend install his XP Home on a old computer. He only has dial up. I told him I would take his computer in a couple of days and run all updates and install his AV software and get it updates. He wanted to try connecting to the Internet so he did for about 20 minutes on a dial up. Guess what, he got a virus. This seems like a pet project gone wild or something like that. Somebody came up with an elaborate test for a non-issue. Actually, the idea is a very good one IMHO. It is the delivery and implementation that is being questioned. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Although immediately available at no charge to current Declude 'JunkMail' customers the company is open to discussing licensed access by others wishing to eradicate this threat. The test is NOT free to current Declude 'JunkMail' customers if a current Service Agreement is required. Well, now we are discussing the meaning of the word current. To me, current means with a service agreement. If some one bought Declude 3 years ago and has not had a service agreement since, can you call them a current customer? Sorry, I back Scott and the others at Declude up on this. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I'm all for your GUI because I know it will make your business more successful even though it will probably be of no use to me at this point. I certainly could have used it in the beginning and I would have probably bought Declude earlier than I did. I'll bet that Dave might even be able to teach you a few things in that regard, and it would keep them out of playing with the executable for that much longer :) Do you know what is funny? When I first started using Declude I was a GUI junky. And while I would like to see some things easier to do, it works the way it is. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] The glass is half full
CPHZ will do better, I'm sure. ROLLING EYES Great, now Andrew is professing his love of acronyms. ;) Besides, I think the glass is closer to 3/4 full. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MTLD test -- Relationship between Viruses and Spam
- Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] This seems like a pet project gone wild or something like that. Somebody came up with an elaborate test for a non-issue. Actually, the idea is a very good one IMHO. It is the delivery and implementation that is being questioned. Not from my perspective. Unless and until the data in the MTLDB database is made much more accurate and reliable, the test causes more problems then good. So it's not just the delivery and implementation that are at issue, but the negative impact the test can have on your false-positive rate. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
