Re[2]: [sniffer] Message Sniffer is not detecting some really bad email
On Wednesday, November 2, 2005, 4:56:07 PM, Glenn wrote: > I've had quite a lot of bounces (D/Q.GSE pairs) in the past several weeks due to users with full mailboxes, 99.999% of them are bounces on spam. When I examine the quoted headers in the D.GSE files, an appreciable number of them aren't failing any spam tests, and seems like many of them should at least be failing Sniffer. I see these come to some of our spamtraps also --- the from address forged to match a harvested address... When they contain enough of the original spam we can use them to code new rules. I've not attempted to do this with third party submissions of bounces - it may be risky/confusing, but any time we can get our hands on new spam it's a good thing. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Message Sniffer is not detecting some really bad email
On Wednesday, November 2, 2005, 4:48:29 PM, Gary wrote: > We have had excellent results from Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Yes please. Usually a simple forward to spam@ will suffice. I too saw a bunch of things come through the last two days that normally wouldn't. I'm not sure what's going on with them except that the normal broadcast patterns have changed a bit. I'm looking for some additional patterns to help nail down the differences. These are all new spams. They may be related to some of the new viruses coming out and the zombies created in their wake. Please always forward spam to us at our [EMAIL PROTECTED] address if it gets to your mailbox. Also, if you have spamtraps that you would like to share with us please let us know so that we can set up a collection mechanism with you. The faster we can see the spam the faster we can identify new patterns, of course. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] Message Sniffer is not detecting some really bad email
Title: Message Yup. Under a heavy load during the daytime and weekdays. Eases late at night, wee morn hours and weekends. - Original Message - From: Jacques Brouwers To: sniffer@SortMonster.com Sent: Wednesday, November 02, 2005 4:37 PM Subject: RE: [sniffer] Message Sniffer is not detecting some really bad email I too have had an unusual amount of spam messages. Graphic pornography to the CEOs box, ouch! I paste the header info into the spam message I forward to them. I have also noticed that the IMail box is running unusually slow the past few days. It seems like it is scanning harder and catching less. Anyone else noticing the slow speed of the IMail box? Jacques From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary SchickSent: Wednesday, November 02, 2005 2:48 PMTo: sniffer@SortMonster.comSubject: [sniffer] Message Sniffer is not detecting some really bad email We have had excellent results from Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
RE: [sniffer] Message Sniffer is not detecting some really bad email
Title: Message I too have had an unusual amount of spam messages. Graphic pornography to the CEO’s box, ouch! I paste the header info into the spam message I forward to them. I have also noticed that the IMail box is running unusually slow the past few days. It seems like it is scanning harder and catching less. Anyone else noticing the slow speed of the IMail box? Jacques From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Schick Sent: Wednesday, November 02, 2005 2:48 PM To: sniffer@SortMonster.com Subject: [sniffer] Message Sniffer is not detecting some really bad email We have had excellent results from Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
RE: [sniffer] Message Sniffer is not detecting some really bad email
Title: Message I am also getting slammed with spam passing sniffer today also. Have not had a chance to send them yet Kevin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary SchickSent: Wednesday, November 02, 2005 3:48 PMTo: sniffer@SortMonster.comSubject: [sniffer] Message Sniffer is not detecting some really bad email We have had excellent results from Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
Re: [sniffer] Message Sniffer is not detecting some really bad email
Title: Message I've had quite a lot of bounces (D/Q.GSE pairs) in the past several weeks due to users with full mailboxes, 99.999% of them are bounces on spam. When I examine the quoted headers in the D.GSE files, an appreciable number of them aren't failing any spam tests, and seems like many of them should at least be failing Sniffer. G.Z. - Original Message - From: Gary Schick To: sniffer@SortMonster.com Sent: Wednesday, November 02, 2005 3:48 PM Subject: [sniffer] Message Sniffer is not detecting some really bad email We have had excellent results from Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
Re: [sniffer] Message Sniffer is not detecting some really bad email
Title: Message Yep... send them to spam (at), from the email that you have on record with them. Sending as an attachment so they get complete headers is usually best, but they can also work with just the body of the message. Darin. - Original Message - From: Gary Schick To: sniffer@SortMonster.com Sent: Wednesday, November 02, 2005 4:48 PM Subject: [sniffer] Message Sniffer is not detecting some really bad email We have had excellent results from Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
[sniffer] Message Sniffer is not detecting some really bad email
Title: Message We have had excellent results from Message Sniffer for severals years now. However, in the past few days items that I feel should have been caught, were not. Can I submit some samples to you? I would be glad to zip a couple of raw message files and email those to you. Please advise. Regards, Gary Schick Manager, Enterprise Applications Iroquois Gas Transmission System Shelton, CT 06484 [EMAIL PROTECTED] 203 944 7024
[sniffer] Rule Strength Analysis Upgrades
Hello Sniffer Folks, I will be making a significant upgrade to the Rule Strengths Analysis program today. The upgrade will make the rule strength calculation much more sensitive to the recent activity of any given rule so that if a rule stops showing activity it's rule strength will drop over time... as that time becomes longer the rule strength will drop more radically until the rule is made inactive. This will also cause rule fitness decisions to be more competitive so that the most effective rules will be more strongly selected over time. If these adjustments have the desired effect then rulebase efficiency will be dramatically increased and rulebase file sizes will drop significantly. This will improve SNFs performance in two ways: 1. Rulebase files will be smaller and will require less bandwidth to download and to load during operation. There will also be a measurable increase in scanning speed (though this is already measured in small numbers of milliseconds on most systems). 2. The smaller, more efficient files can be compiled and delivered more quickly which will allow us to increase the rate at which we deliver updates. YOU DO NOT NEED TO TAKE ANY ACTION :-) All of this work will happen on our end of the Internet. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) Chief Scientist (www.armresearch.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html