[sniffer] False Positive - how to react?
For the first (known) time I see Message Sniffer filter a valid mail. The mail is from my Dell salesperson containing a quote. This is from the IMail log: 20070926 091209 127.0.0.1 SMTPD (064801a658d9) [143.166.85.206] EHLO ausc60pc101.us.dell.com 20070926 091210 127.0.0.1 SMTPD (064801a658d9) [143.166.85.206] MAIL FROM:<[EMAIL PROTECTED]> 20070926 091210 127.0.0.1 SMTPD (064801a658d9) [143.166.85.206] RCPT TO:<[EMAIL PROTECTED]> 20070926 091217 127.0.0.1 SMTPD (064801a658d9) [143.166.85.206] d:\ICS2006\IMail\spool\D064801a658d9.SMD 314045 20070926 091217 127.0.0.1 SMTPD (064801a658d9) performing antispam checks This is the related Sniffer log entry: hp2dpjsa20070926071222 d064801a658d9.smd 0 78 Match 1336961 60 6933694583 hp2dpjsa20070926071222 d064801a658d9.smd 0 78 Final 1336961 60 0 26005 83 What is the best way to handle stuff like this? Thanks -- Elektronik-Labor Carls GmbH & Co. KG Stefan Paege Fon: +49 5973 9497-23 Fax: +49 5973 9497-19 Elektronik-Labor Carls GmbH & Co. KG Kommanditgesellschaft:Sitz Neuenkirchen, Registergericht Steinfurt HRA 3310 Persönlich haftende Gesellschafterin: Elektronik-Labor Carls, Beteiligungsgesellschaft mbH, Sitz Neuenkirchen, Registergericht Steinfurt HRB 4175 Geschäftsführer: Irmgard Carls, Joachim Schulte # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
Re[4]: [sniffer] False positive processing
I have responded off list. Let me know (off list) if you got my response just in case it goes missing again. Thanks, _M On Tuesday, March 21, 2006, 12:04:29 PM, Darin wrote: DC> Right. 15 from today. Let me know what you find out. The ones from the DC> 10th were replies to FP processing to investigate further and apply white DC> rules. The others were normal FP reports. DC> Thanks, DC> Darin. DC> - Original Message - DC> From: "Pete McNeil" <[EMAIL PROTECTED]> DC> To: "Darin Cox" DC> Sent: Tuesday, March 21, 2006 11:52 AM DC> Subject: Re[2]: [sniffer] False positive processing DC> On Tuesday, March 21, 2006, 11:37:30 AM, Darin wrote: DC>> Nope. None of them. DC>> I haven't heard back from the replies to a couple of false positives on DC> the DC>> 10th, and we haven't heard anything from our submissions on the 16th (6) DC> and DC>> 17th (2). I don't remember if we've heard anything from those on the DC> 15th DC>> (4). DC> Right now I'm preparing to process FPs. I have a total of 24. 15 from DC> you. I don't show any others pending. When I'm done I'll go back and DC> look at the 10th, 16th, and 17th to see if I received and responded. DC> _M DC> This E-Mail came from the Message Sniffer mailing list. For information and DC> (un)subscription instructions go to DC> http://www.sortmonster.com/MessageSniffer/Help/Help.html DC> This E-Mail came from the Message Sniffer mailing list. For DC> information and (un)subscription instructions go to DC> http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: Re[2]: [sniffer] False positive processing
Right. 15 from today. Let me know what you find out. The ones from the 10th were replies to FP processing to investigate further and apply white rules. The others were normal FP reports. Thanks, Darin. - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Darin Cox" Sent: Tuesday, March 21, 2006 11:52 AM Subject: Re[2]: [sniffer] False positive processing On Tuesday, March 21, 2006, 11:37:30 AM, Darin wrote: DC> Nope. None of them. DC> I haven't heard back from the replies to a couple of false positives on the DC> 10th, and we haven't heard anything from our submissions on the 16th (6) and DC> 17th (2). I don't remember if we've heard anything from those on the 15th DC> (4). Right now I'm preparing to process FPs. I have a total of 24. 15 from you. I don't show any others pending. When I'm done I'll go back and look at the 10th, 16th, and 17th to see if I received and responded. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] False positive processing
On Tuesday, March 21, 2006, 11:37:30 AM, Darin wrote: DC> Nope. None of them. DC> I haven't heard back from the replies to a couple of false positives on the DC> 10th, and we haven't heard anything from our submissions on the 16th (6) and DC> 17th (2). I don't remember if we've heard anything from those on the 15th DC> (4). Right now I'm preparing to process FPs. I have a total of 24. 15 from you. I don't show any others pending. When I'm done I'll go back and look at the 10th, 16th, and 17th to see if I received and responded. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] False positive processing
Nope. None of them. I haven't heard back from the replies to a couple of false positives on the 10th, and we haven't heard anything from our submissions on the 16th (6) and 17th (2). I don't remember if we've heard anything from those on the 15th (4). Darin. - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Darin Cox" Sent: Tuesday, March 21, 2006 11:21 AM Subject: Re: [sniffer] False positive processing On Tuesday, March 21, 2006, 9:38:46 AM, Darin wrote: DC> DC> DC> Hi Pete, DC> DC> DC> DC> Are you getting behind on false positive processing? We have DC> gotten a response in a few days, and are still forwarding false DC> positives for an FP report that we asked for a while rule on the 10th. I'm not behind. Did the message get tagged on it's way out of your system? Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] False positive processing
On Tuesday, March 21, 2006, 9:38:46 AM, Darin wrote: DC> DC> DC> Hi Pete, DC> DC> DC> DC> Are you getting behind on false positive processing? We have DC> gotten a response in a few days, and are still forwarding false DC> positives for an FP report that we asked for a while rule on the 10th. I'm not behind. Did the message get tagged on it's way out of your system? Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] False positive processing
Hi Pete, Are you getting behind on false positive processing? We have gotten a response in a few days, and are still forwarding false positives for an FP report that we asked for a while rule on the 10th. Appreciate you looking into it. Darin.
[sniffer] False positive processing
Pete, Thanks for the quicker turnaround in the last few days for false positive processing. We're seeing about half day now. Much appreciated! Darin.
Re[4]: [sniffer] False Positive - no reaction?
On Tuesday, February 21, 2006, 11:16:43 AM, Andy wrote: AS> The only other suggestion I have is to create a 24 hour 'queue' display on AS> the web site. All you need to show is a column of the sender domain names of AS> the email (not the entire sender email address). If I submit a false AS> positive I can confirm that it made it into your queue by checking the web AS> page. This way, you don't need to send automated emails. Agreed. Thanks for the suggestion. I'll add that to the plan for upgrading the false processing engine. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: Re[2]: [sniffer] False Positive - no reaction?
That queue concept would be wonderful! Hopefully it would have some simple info extracted to show recipient, sender, subject, header info, and info on the rule(s) it failed. One of my ongoing challenges is matching responses to reports and following up to see what additional actions are required. Darin. - Original Message - From: "Andy Schmidt" <[EMAIL PROTECTED]> To: Sent: Tuesday, February 21, 2006 11:16 AM Subject: RE: Re[2]: [sniffer] False Positive - no reaction? Hi Pete, I agree that the email notification is tricky - because you might respond to spam - and, you may NOT respond to someone who did not use an authorized address. On the other hand, if I KNEW there was an auto-response and I did NOT get a response, it would be an indication to me, the user, that I must have done something wrong. So - in a sense - "no" response is also a "message" I can act on. The only other suggestion I have is to create a 24 hour 'queue' display on the web site. All you need to show is a column of the sender domain names of the email (not the entire sender email address). If I submit a false positive I can confirm that it made it into your queue by checking the web page. This way, you don't need to send automated emails. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, February 21, 2006 11:04 AM To: Andy Schmidt Subject: Re[2]: [sniffer] False Positive - no reaction? On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS> Sorry - didn't mean to be "pushy". I just thought that false AS> positives are worse than missed spam, so I had assumed that they AS> would always be at the top of the queue. It is a very tough balancing act. Don't feel bad at all - you're not being pushy. The current goal is to respond in less than 24 hours and if possible to review twice per day. Yesterday a number of urgent tasks toppled that schedule. The first review happened (at around 0600) but there were no FPs at that time. I'm working to increase the review cycle... there are just a lot of things going on right now. Just so everyone knows, we do hear - loud and clear - that responding to FPs is important, and we have been much better about it over the recent past. I expect that service aspect to improve moving forward along with other things. AS> I can wait (PS - would have calmed my nerves, if there had been some AS> automatic "ticket number" response that reassured me that my email AS> was received. The web site makes it sound as if there's a million AS> reasons why a false positive might not be accepted - so an automatic AS> confirmation might be a good "self-service" tool. That's a good point. I'll look at that possibility when I rewrite the false processing bot. We're getting a lot of spam lately at our false@ address and I would want to make sure that there was no outscatter. I can tell the bot to only respond to validated senders, but then there is the issue of email reliability in the response... what if you don't get the response I mean. ... There are still folks that occasionally (some frequently) send false reports from unauthorized addresses --- those would not get a response... I'm overthinking this now %^b When I get to the false processing bot I will add a response mechanism. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: Re[2]: [sniffer] False Positive - no reaction?
I like this idea more than the email notification. I really don't need more emails. - Original Message - From: "Andy Schmidt" <[EMAIL PROTECTED]> To: Sent: Tuesday, February 21, 2006 10:16 AM Subject: RE: Re[2]: [sniffer] False Positive - no reaction? Hi Pete, I agree that the email notification is tricky - because you might respond to spam - and, you may NOT respond to someone who did not use an authorized address. On the other hand, if I KNEW there was an auto-response and I did NOT get a response, it would be an indication to me, the user, that I must have done something wrong. So - in a sense - "no" response is also a "message" I can act on. The only other suggestion I have is to create a 24 hour 'queue' display on the web site. All you need to show is a column of the sender domain names of the email (not the entire sender email address). If I submit a false positive I can confirm that it made it into your queue by checking the web page. This way, you don't need to send automated emails. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, February 21, 2006 11:04 AM To: Andy Schmidt Subject: Re[2]: [sniffer] False Positive - no reaction? On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS> Sorry - didn't mean to be "pushy". I just thought that false AS> positives are worse than missed spam, so I had assumed that they AS> would always be at the top of the queue. It is a very tough balancing act. Don't feel bad at all - you're not being pushy. The current goal is to respond in less than 24 hours and if possible to review twice per day. Yesterday a number of urgent tasks toppled that schedule. The first review happened (at around 0600) but there were no FPs at that time. I'm working to increase the review cycle... there are just a lot of things going on right now. Just so everyone knows, we do hear - loud and clear - that responding to FPs is important, and we have been much better about it over the recent past. I expect that service aspect to improve moving forward along with other things. AS> I can wait (PS - would have calmed my nerves, if there had been some AS> automatic "ticket number" response that reassured me that my email AS> was received. The web site makes it sound as if there's a million AS> reasons why a false positive might not be accepted - so an automatic AS> confirmation might be a good "self-service" tool. That's a good point. I'll look at that possibility when I rewrite the false processing bot. We're getting a lot of spam lately at our false@ address and I would want to make sure that there was no outscatter. I can tell the bot to only respond to validated senders, but then there is the issue of email reliability in the response... what if you don't get the response I mean. ... There are still folks that occasionally (some frequently) send false reports from unauthorized addresses --- those would not get a response... I'm overthinking this now %^b When I get to the false processing bot I will add a response mechanism. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] False Positive - no reaction?
Hi Pete, I agree that the email notification is tricky - because you might respond to spam - and, you may NOT respond to someone who did not use an authorized address. On the other hand, if I KNEW there was an auto-response and I did NOT get a response, it would be an indication to me, the user, that I must have done something wrong. So - in a sense - "no" response is also a "message" I can act on. The only other suggestion I have is to create a 24 hour 'queue' display on the web site. All you need to show is a column of the sender domain names of the email (not the entire sender email address). If I submit a false positive I can confirm that it made it into your queue by checking the web page. This way, you don't need to send automated emails. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, February 21, 2006 11:04 AM To: Andy Schmidt Subject: Re[2]: [sniffer] False Positive - no reaction? On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS> Sorry - didn't mean to be "pushy". I just thought that false AS> positives are worse than missed spam, so I had assumed that they AS> would always be at the top of the queue. It is a very tough balancing act. Don't feel bad at all - you're not being pushy. The current goal is to respond in less than 24 hours and if possible to review twice per day. Yesterday a number of urgent tasks toppled that schedule. The first review happened (at around 0600) but there were no FPs at that time. I'm working to increase the review cycle... there are just a lot of things going on right now. Just so everyone knows, we do hear - loud and clear - that responding to FPs is important, and we have been much better about it over the recent past. I expect that service aspect to improve moving forward along with other things. AS> I can wait (PS - would have calmed my nerves, if there had been some AS> automatic "ticket number" response that reassured me that my email AS> was received. The web site makes it sound as if there's a million AS> reasons why a false positive might not be accepted - so an automatic AS> confirmation might be a good "self-service" tool. That's a good point. I'll look at that possibility when I rewrite the false processing bot. We're getting a lot of spam lately at our false@ address and I would want to make sure that there was no outscatter. I can tell the bot to only respond to validated senders, but then there is the issue of email reliability in the response... what if you don't get the response I mean. ... There are still folks that occasionally (some frequently) send false reports from unauthorized addresses --- those would not get a response... I'm overthinking this now %^b When I get to the false processing bot I will add a response mechanism. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] False Positive - no reaction?
On Tuesday, February 21, 2006, 10:16:11 AM, Andy wrote: AS> Sorry - didn't mean to be "pushy". I just thought that false positives are AS> worse than missed spam, so I had assumed that they would always be at the AS> top of the queue. It is a very tough balancing act. Don't feel bad at all - you're not being pushy. The current goal is to respond in less than 24 hours and if possible to review twice per day. Yesterday a number of urgent tasks toppled that schedule. The first review happened (at around 0600) but there were no FPs at that time. I'm working to increase the review cycle... there are just a lot of things going on right now. Just so everyone knows, we do hear - loud and clear - that responding to FPs is important, and we have been much better about it over the recent past. I expect that service aspect to improve moving forward along with other things. AS> I can wait (PS - would have calmed my nerves, if there had been some AS> automatic "ticket number" response that reassured me that my email was AS> received. The web site makes it sound as if there's a million reasons why a AS> false positive might not be accepted - so an automatic confirmation might be AS> a good "self-service" tool. That's a good point. I'll look at that possibility when I rewrite the false processing bot. We're getting a lot of spam lately at our false@ address and I would want to make sure that there was no outscatter. I can tell the bot to only respond to validated senders, but then there is the issue of email reliability in the response... what if you don't get the response I mean. ... There are still folks that occasionally (some frequently) send false reports from unauthorized addresses --- those would not get a response... I'm overthinking this now %^b When I get to the false processing bot I will add a response mechanism. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] False Positive - no reaction?
Sorry - didn't mean to be "pushy". I just thought that false positives are worse than missed spam, so I had assumed that they would always be at the top of the queue. I can wait (PS - would have calmed my nerves, if there had been some automatic "ticket number" response that reassured me that my email was received. The web site makes it sound as if there's a million reasons why a false positive might not be accepted - so an automatic confirmation might be a good "self-service" tool. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, February 21, 2006 09:55 AM To: Andy Schmidt Subject: Re: [sniffer] False Positive - no reaction? I'm a little behind. I'm going to do false positives in the next 10 minutes. I only have 20 to do it should go fast. Sorry for the delay. Thanks, _M On Tuesday, February 21, 2006, 9:40:07 AM, Andy wrote: AS> Hi, AS> I filed this false positive report a day ago and never heard back. AS> Just trying to see if my emails are blocked again. AS> Phone: +1 201 934-3414 x20 (Business) AS> Fax:+1 201 934-9206 AS> -Original Message- AS> From: Andy Schmidt [mailto:[EMAIL PROTECTED] AS> Sent: Monday, February 20, 2006 10:41 AM AS> To: '[EMAIL PROTECTED]' AS> Subject: License ID nwb655oh AS> This message was a GIF image from one individual to another. AS> Log Entries: AS> nwb655oh20060219172434 DA9CC319600AA9394.SMD 31 360 AS> Match 836625 61 2245238871 AS> nwb655oh20060219172434 DA9CC319600AA9394.SMD 31 360 AS> Final 836625 61 0 32767 71 AS> Original Message: >>> Received: from mailout08.sul.t-online.com [194.25.134.20] by >>> hm-software.com with ESMTP >>> (SMTPD32-8.15) id A9CC319600AA; Sun, 19 Feb 2006 12:24:28 -0500 >>> Received: from fwd34.aul.t-online.de by mailout08.sul.t-online.com >>> with smtp id 1FAsIN-00064u-06; Sun, 19 Feb 2006 18:24:27 +0100 >>> Received: from athome >>> ([EMAIL PROTECTED] >>> 6 >>> ]) >>> by fwd34.sul.t-online.de >>> with smtp id 1FAsIB-0X4oka0; Sun, 19 Feb 2006 18:24:15 +0100 >>> Message-ID: <[EMAIL PROTECTED]> >>> From: "Bjoern Schmidt" <[EMAIL PROTECTED]> >>> To: "Jochen Schug" <[EMAIL PROTECTED]>, "Harald Mergard" >>> <[EMAIL PROTECTED]> >>> Subject: Hier das Bild zu meinem Service-request >>> Date: Sun, 19 Feb 2006 18:24:15 +0100 >>> MIME-Version: 1.0 >>> Content-Type: multipart/mixed; >>> boundary="=_NextPart_000_0005_01C63581.B0813970" >>> X-Priority: 3 >>> X-MSMail-Priority: Normal >>> X-Mailer: Microsoft Outlook Express 6.00.2900.2180 >>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 >>> X-ID: GWI0CrZ-Ye-ErQseZpWkpcMBFfC4ce2pefaSy9EIpXJHQ-BFOxDqQt >>> X-TOI-MSGID: bdd1884c-5835-410b-822a-2343e2bb5047 >>> >>> This is a multi-part message in MIME format. >>> >>> --=_NextPart_000_0005_01C63581.B0813970 >>> Content-Type: multipart/alternative; >>> boundary="=_NextPart_001_0006_01C63581.B0813970" >>> >>> >>> --=_NextPart_001_0006_01C63581.B0813970 >>> Content-Type: text/plain; >>> charset="iso-8859-1" >>> Content-Transfer-Encoding: quoted-printable >>> >>> >>> Ciao >>> Bjoern Schmidt >>> [EMAIL PROTECTED] >>> www.barchetta.cc =20 >>> Barchetta - The Classic and Sports Car Channel Updated News as >>> It = Happens. >>> --=_NextPart_001_0006_01C63581.B0813970 >>> Content-Type: text/html; >>> charset="iso-8859-1" >>> Content-Transfer-Encoding: quoted-printable >>> >>> >>> >> charset=3Diso-8859-1"> >> name=3DGENERATOR> >>> CiaoBjoern >>> Schmidt>> href=3D"mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]>> href=3D"http://www.barchetta.cc";>www.barchetta.cc = >>> Barchetta -=20 The Classic and Sports Car Channel Updated >>> News as It=20 Happens. >>> >>> --=_NextPart_001_0006_01C63581.B0813970-- >>> >>> --=_NextPart_000_0005_01C63581.B0813970 >>> Content-Type: image/gif; >>> name="Neues Projekt erstellen.gif" >>> Content-Transfer-Encoding: base64 >>> Content-Disposition: attachment; >>> filena
Re: [sniffer] False Positive - no reaction?
I'm a little behind. I'm going to do false positives in the next 10 minutes. I only have 20 to do it should go fast. Sorry for the delay. Thanks, _M On Tuesday, February 21, 2006, 9:40:07 AM, Andy wrote: AS> Hi, AS> I filed this false positive report a day ago and never heard back. AS> Just trying to see if my emails are blocked again. AS> Phone: +1 201 934-3414 x20 (Business) AS> Fax:+1 201 934-9206 AS> -Original Message- AS> From: Andy Schmidt [mailto:[EMAIL PROTECTED] AS> Sent: Monday, February 20, 2006 10:41 AM AS> To: '[EMAIL PROTECTED]' AS> Subject: License ID nwb655oh AS> This message was a GIF image from one individual to another. AS> Log Entries: AS> nwb655oh20060219172434 DA9CC319600AA9394.SMD 31 360 AS> Match 836625 61 2245238871 AS> nwb655oh20060219172434 DA9CC319600AA9394.SMD 31 360 AS> Final 836625 61 0 32767 71 AS> Original Message: >>> Received: from mailout08.sul.t-online.com [194.25.134.20] by >>> hm-software.com with ESMTP >>> (SMTPD32-8.15) id A9CC319600AA; Sun, 19 Feb 2006 12:24:28 -0500 >>> Received: from fwd34.aul.t-online.de >>> by mailout08.sul.t-online.com with smtp id 1FAsIN-00064u-06; Sun, 19 >>> Feb 2006 18:24:27 +0100 >>> Received: from athome >>> ([EMAIL PROTECTED] >>> ]) >>> by fwd34.sul.t-online.de >>> with smtp id 1FAsIB-0X4oka0; Sun, 19 Feb 2006 18:24:15 +0100 >>> Message-ID: <[EMAIL PROTECTED]> >>> From: "Bjoern Schmidt" <[EMAIL PROTECTED]> >>> To: "Jochen Schug" <[EMAIL PROTECTED]>, "Harald Mergard" >>> <[EMAIL PROTECTED]> >>> Subject: Hier das Bild zu meinem Service-request >>> Date: Sun, 19 Feb 2006 18:24:15 +0100 >>> MIME-Version: 1.0 >>> Content-Type: multipart/mixed; >>> boundary="=_NextPart_000_0005_01C63581.B0813970" >>> X-Priority: 3 >>> X-MSMail-Priority: Normal >>> X-Mailer: Microsoft Outlook Express 6.00.2900.2180 >>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 >>> X-ID: GWI0CrZ-Ye-ErQseZpWkpcMBFfC4ce2pefaSy9EIpXJHQ-BFOxDqQt >>> X-TOI-MSGID: bdd1884c-5835-410b-822a-2343e2bb5047 >>> >>> This is a multi-part message in MIME format. >>> >>> --=_NextPart_000_0005_01C63581.B0813970 >>> Content-Type: multipart/alternative; >>> boundary="=_NextPart_001_0006_01C63581.B0813970" >>> >>> >>> --=_NextPart_001_0006_01C63581.B0813970 >>> Content-Type: text/plain; >>> charset="iso-8859-1" >>> Content-Transfer-Encoding: quoted-printable >>> >>> >>> Ciao >>> Bjoern Schmidt >>> [EMAIL PROTECTED] >>> www.barchetta.cc =20 >>> Barchetta - The Classic and Sports Car Channel Updated News as >>> It = Happens. >>> --=_NextPart_001_0006_01C63581.B0813970 >>> Content-Type: text/html; >>> charset="iso-8859-1" >>> Content-Transfer-Encoding: quoted-printable >>> >>> >>> >> charset=3Diso-8859-1"> >> name=3DGENERATOR> >>> CiaoBjoern >>> Schmidt>> href=3D"mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]>> href=3D"http://www.barchetta.cc";>www.barchetta.cc = >>> Barchetta -=20 The Classic and Sports Car Channel Updated >>> News as It=20 Happens. >>> >>> --=_NextPart_001_0006_01C63581.B0813970-- >>> >>> --=_NextPart_000_0005_01C63581.B0813970 >>> Content-Type: image/gif; >>> name="Neues Projekt erstellen.gif" >>> Content-Transfer-Encoding: base64 >>> Content-Disposition: attachment; >>> filename="Neues Projekt erstellen.gif" >>> >>> R0lGODdhAAUABHcAACwAAAUABIcAAACAgACAgICAAIAAgIDAwMDA3MCmy >>> vAB >>> NwAnHQAwLQwxMzgYCVwPLFYAO3M1OEgyPXEPVBARVjgRZw4eaSo0WTA9ZQosdDEfVkEaZ >>> EkZZ3A5 >>> SFszT3ksdEckbXtKOExmLGVFVhZKUTJHaBVIcyhwWTdsdipPU1lbW2xIbUhNY39qQF5ud >>> Epwb2QL >>> AS> MJcHLKMxP7wvPdwdSJoYQaUMYK4qT5EmUrgxZZo6cL0ZUsQUftoIdusjWtgtUuUpZNsuc+ZCPoVS >>> U4VOU7tObJlQe6VrVYd0co1zeKtXXcZFW/BGZstGbNRLcc5IcNJaZ8xUdttPeehtdM1nf >>> ucGlQAB >>> swA1jzU7qTo9l0A+pUAAygAA8wAuzy5HjzVEoztijAZshS50qgx6uyRKmUlCj2NLp0tfo >>> swA1jzU7qTo9l0A+WBpk1J8 >>> jHxgoV9urm514XU9g74UgtkPkuoVrfE5lds3g+4wrvQay/UjxvVOlYBKhbF/gIB3k6l/u >>> jHxgoV9urm514XU9g74UgtkPkuoVrfE5lds3g+oBRldBJ >>> j+1boNRRs/Rlhtxlm8xmnNV0h9x7l8l5ld5njOBohvxqkeBjm/t3juNwjf98muF7mf9+o >>> j+uVYwvZz >>> yvahEwG3Nw2FWDeVazW2UBqjRCGqZCaIU0iTW3aPc0mVZXe4WUuuYVqtaHrGOAf/AAD+N >>> QPUSgjB >>> XizbZg33ShP4Tyb0chHMZFPHcHD1aEmTbISudYzCdoGahgaaky2ZoCesjwq6jD6upSmKi >>> FCIknCF >>> p3Svmk+I0QyBySaa7AvCngvOhzrQqw7OuyL9kQT2iinzrA70rDDflkHQjGb2l07pk3X2r >>> p3Svmk+lL1sWf5 >>> AS> zQ7+30H1xGn841L8622MjIyMkKeJvIiPor2vgZyxjamrqJigoKCTl8aBneGXq9KMq+e2t9Otu+yS >>> wpKlzZ+zxail/7WJ0PazxNO5zPOs4f/akIPXp4vzmIjsuYT6tqjBzLX2zJHz1bX8+JXn/ >>> wpKlzZ+6nT0tnY >>> 2OTZ5NTX5Pjq1ND9/dTo6OgAAACgoKSAgID//wD//wAAAP//AP8A//9YqUYI/ >>> wALCRTo >>> RAqggwcNKTSEqKHDhw0XSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjy >>> pxJs6bN >>> mzhz6tzJs6fPnx4RCpXiZGChJQcHNZFSyJFTR9miSp1KtarVq1izat3KtavXr2DDih1Lt >>> qzZs2jT >>> ql3Ltq3bt3Djyp1Lt67du3jz6t3Lt6/fv4DnPi0kpckgQFEONgHUFKrVbZAjS55MubLly >>> 5gza97M >>> ubPnz6BDix5NurTp06hTq17NurXr17Bjy55Nu7ZtyYFz697Nu7dvudvUOmWklEoUKosFP >>> nX6u7nz >>> 59CjS59Ovbr169iza9/
Re: [sniffer] False Positive - no reaction?
On average it takes 2 or three days to hear back on false positives. Darin. - Original Message - From: "Andy Schmidt" <[EMAIL PROTECTED]> To: Sent: Tuesday, February 21, 2006 9:40 AM Subject: [sniffer] False Positive - no reaction? Hi, I filed this false positive report a day ago and never heard back. Just trying to see if my emails are blocked again. Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Monday, February 20, 2006 10:41 AM To: '[EMAIL PROTECTED]' Subject: License ID nwb655oh This message was a GIF image from one individual to another. Log Entries: nwb655oh 20060219172434 DA9CC319600AA9394.SMD 31 360 Match 836625 61 2245 2388 71 nwb655oh 20060219172434 DA9CC319600AA9394.SMD 31 360 Final 836625 61 0 32767 71 Original Message: >> Received: from mailout08.sul.t-online.com [194.25.134.20] by >> hm-software.com with ESMTP >> (SMTPD32-8.15) id A9CC319600AA; Sun, 19 Feb 2006 12:24:28 -0500 >> Received: from fwd34.aul.t-online.de >> by mailout08.sul.t-online.com with smtp id 1FAsIN-00064u-06; Sun, 19 >> Feb 2006 18:24:27 +0100 >> Received: from athome >> ([EMAIL PROTECTED] >> ]) >> by fwd34.sul.t-online.de >> with smtp id 1FAsIB-0X4oka0; Sun, 19 Feb 2006 18:24:15 +0100 >> Message-ID: <[EMAIL PROTECTED]> >> From: "Bjoern Schmidt" <[EMAIL PROTECTED]> >> To: "Jochen Schug" <[EMAIL PROTECTED]>, "Harald Mergard" >> <[EMAIL PROTECTED]> >> Subject: Hier das Bild zu meinem Service-request >> Date: Sun, 19 Feb 2006 18:24:15 +0100 >> MIME-Version: 1.0 >> Content-Type: multipart/mixed; >> boundary="=_NextPart_000_0005_01C63581.B0813970" >> X-Priority: 3 >> X-MSMail-Priority: Normal >> X-Mailer: Microsoft Outlook Express 6.00.2900.2180 >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 >> X-ID: GWI0CrZ-Ye-ErQseZpWkpcMBFfC4ce2pefaSy9EIpXJHQ-BFOxDqQt >> X-TOI-MSGID: bdd1884c-5835-410b-822a-2343e2bb5047 >> >> This is a multi-part message in MIME format. >> >> --=_NextPart_000_0005_01C63581.B0813970 >> Content-Type: multipart/alternative; >> boundary="=_NextPart_001_0006_01C63581.B0813970" >> >> >> --=_NextPart_001_0006_01C63581.B0813970 >> Content-Type: text/plain; >> charset="iso-8859-1" >> Content-Transfer-Encoding: quoted-printable >> >> >> Ciao >> Bjoern Schmidt >> [EMAIL PROTECTED] >> www.barchetta.cc =20 >> Barchetta - The Classic and Sports Car Channel Updated News as >> It = Happens. >> --=_NextPart_001_0006_01C63581.B0813970 >> Content-Type: text/html; >> charset="iso-8859-1" >> Content-Transfer-Encoding: quoted-printable >> >> >> > charset=3Diso-8859-1"> > name=3DGENERATOR> >> CiaoBjoern >> Schmidt> href=3D"mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]> href=3D"http://www.barchetta.cc";>www.barchetta.cc = >> Barchetta -=20 The Classic and Sports Car Channel Updated >> News as It=20 Happens. >> >> --=_NextPart_001_0006_01C63581.B0813970-- >> >> --=_NextPart_000_0005_01C63581.B0813970 >> Content-Type: image/gif; >> name="Neues Projekt erstellen.gif" >> Content-Transfer-Encoding: base64 >> Content-Disposition: attachment; >> filename="Neues Projekt erstellen.gif" >> >> R0lGODdhAAUABHcAACwAAAUABIcAAACAgACAgICAAIAAgIDAwMDA3MCmy >> vAB >> NwAnHQAwLQwxMzgYCVwPLFYAO3M1OEgyPXEPVBARVjgRZw4eaSo0WTA9ZQosdDEfVkEaZ >> EkZZ3A5 >> SFszT3ksdEckbXtKOExmLGVFVhZKUTJHaBVIcyhwWTdsdipPU1lbW2xIbUhNY39qQF5ud >> Epwb2QL >> MJcHLKMxP7wvPdwdSJoYQaUMYK4qT5EmUrgxZZo6cL0ZUsQUftoIdusjWtgtUuUpZNsuc+ZCPoVS >> U4VOU7tObJlQe6VrVYd0co1zeKtXXcZFW/BGZstGbNRLcc5IcNJaZ8xUdttPeehtdM1nf >> ucGlQAB >> swA1jzU7qTo9l0A+pUAAygAA8wAuzy5HjzVEoztijAZshS50qgx6uyRKmUlCj2NLp0tfo >> swA1jzU7qTo9l0A+WBpk1J8 >> jHxgoV9urm514XU9g74UgtkPkuoVrfE5lds3g+4wrvQay/UjxvVOlYBKhbF/gIB3k6l/u >> jHxgoV9urm514XU9g74UgtkPkuoVrfE5lds3g+oBRldBJ >> j+1boNRRs/Rlhtxlm8xmnNV0h9x7l8l5ld5njOBohvxqkeBjm/t3juNwjf98muF7mf9+o >> j+uVYwvZz >> yvahEwG3Nw2FWDeVazW2UBqjRCGqZCaIU0iTW3aPc0mVZXe4WUuuYVqtaHrGOAf/AAD+N >> QPUSgjB >> XizbZg33ShP4Tyb0chHMZFPHcHD1aEmTbISudYzCdoGahgaaky2ZoCesjwq6jD6upSmKi >> FCIknCF >> p3Svmk+I0QyBySaa7AvCngvOhzrQqw7OuyL9kQT2iinzrA70rDDflkHQjGb2l07pk3X2r >> p3Svmk+lL1sWf5 >> zQ7+30H1xGn841L8622MjIyMkKeJvIiPor2vgZyxjamrqJigoKCTl8aBneGXq9KMq+e2t9Otu+yS >> wpKlzZ+zxail/
[sniffer] False Positive - no reaction?
Hi, I filed this false positive report a day ago and never heard back. Just trying to see if my emails are blocked again. Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Monday, February 20, 2006 10:41 AM To: '[EMAIL PROTECTED]' Subject: License ID nwb655oh This message was a GIF image from one individual to another. Log Entries: nwb655oh20060219172434 DA9CC319600AA9394.SMD 31 360 Match 836625 61 2245238871 nwb655oh20060219172434 DA9CC319600AA9394.SMD 31 360 Final 836625 61 0 32767 71 Original Message: >> Received: from mailout08.sul.t-online.com [194.25.134.20] by >> hm-software.com with ESMTP >> (SMTPD32-8.15) id A9CC319600AA; Sun, 19 Feb 2006 12:24:28 -0500 >> Received: from fwd34.aul.t-online.de >> by mailout08.sul.t-online.com with smtp id 1FAsIN-00064u-06; Sun, 19 >> Feb 2006 18:24:27 +0100 >> Received: from athome >> ([EMAIL PROTECTED] >> ]) >> by fwd34.sul.t-online.de >> with smtp id 1FAsIB-0X4oka0; Sun, 19 Feb 2006 18:24:15 +0100 >> Message-ID: <[EMAIL PROTECTED]> >> From: "Bjoern Schmidt" <[EMAIL PROTECTED]> >> To: "Jochen Schug" <[EMAIL PROTECTED]>, "Harald Mergard" >> <[EMAIL PROTECTED]> >> Subject: Hier das Bild zu meinem Service-request >> Date: Sun, 19 Feb 2006 18:24:15 +0100 >> MIME-Version: 1.0 >> Content-Type: multipart/mixed; >> boundary="=_NextPart_000_0005_01C63581.B0813970" >> X-Priority: 3 >> X-MSMail-Priority: Normal >> X-Mailer: Microsoft Outlook Express 6.00.2900.2180 >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 >> X-ID: GWI0CrZ-Ye-ErQseZpWkpcMBFfC4ce2pefaSy9EIpXJHQ-BFOxDqQt >> X-TOI-MSGID: bdd1884c-5835-410b-822a-2343e2bb5047 >> >> This is a multi-part message in MIME format. >> >> --=_NextPart_000_0005_01C63581.B0813970 >> Content-Type: multipart/alternative; >> boundary="=_NextPart_001_0006_01C63581.B0813970" >> >> >> --=_NextPart_001_0006_01C63581.B0813970 >> Content-Type: text/plain; >> charset="iso-8859-1" >> Content-Transfer-Encoding: quoted-printable >> >> >> Ciao >> Bjoern Schmidt >> [EMAIL PROTECTED] >> www.barchetta.cc =20 >> Barchetta - The Classic and Sports Car Channel Updated News as >> It = Happens. >> --=_NextPart_001_0006_01C63581.B0813970 >> Content-Type: text/html; >> charset="iso-8859-1" >> Content-Transfer-Encoding: quoted-printable >> >> >> > charset=3Diso-8859-1"> > name=3DGENERATOR> >> CiaoBjoern >> Schmidt> href=3D"mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]> href=3D"http://www.barchetta.cc";>www.barchetta.cc = >> Barchetta -=20 The Classic and Sports Car Channel Updated >> News as It=20 Happens. >> >> --=_NextPart_001_0006_01C63581.B0813970-- >> >> --=_NextPart_000_0005_01C63581.B0813970 >> Content-Type: image/gif; >> name="Neues Projekt erstellen.gif" >> Content-Transfer-Encoding: base64 >> Content-Disposition: attachment; >> filename="Neues Projekt erstellen.gif" >> >> R0lGODdhAAUABHcAACwAAAUABIcAAACAgACAgICAAIAAgIDAwMDA3MCmy >> vAB >> NwAnHQAwLQwxMzgYCVwPLFYAO3M1OEgyPXEPVBARVjgRZw4eaSo0WTA9ZQosdDEfVkEaZ >> EkZZ3A5 >> SFszT3ksdEckbXtKOExmLGVFVhZKUTJHaBVIcyhwWTdsdipPU1lbW2xIbUhNY39qQF5ud >> Epwb2QL >> MJcHLKMxP7wvPdwdSJoYQaUMYK4qT5EmUrgxZZo6cL0ZUsQUftoIdusjWtgtUuUpZNsuc+ZCPoVS >> U4VOU7tObJlQe6VrVYd0co1zeKtXXcZFW/BGZstGbNRLcc5IcNJaZ8xUdttPeehtdM1nf >> ucGlQAB >> swA1jzU7qTo9l0A+pUAAygAA8wAuzy5HjzVEoztijAZshS50qgx6uyRKmUlCj2NLp0tfo >> swA1jzU7qTo9l0A+WBpk1J8 >> jHxgoV9urm514XU9g74UgtkPkuoVrfE5lds3g+4wrvQay/UjxvVOlYBKhbF/gIB3k6l/u >> jHxgoV9urm514XU9g74UgtkPkuoVrfE5lds3g+oBRldBJ >> j+1boNRRs/Rlhtxlm8xmnNV0h9x7l8l5ld5njOBohvxqkeBjm/t3juNwjf98muF7mf9+o >> j+uVYwvZz >> yvahEwG3Nw2FWDeVazW2UBqjRCGqZCaIU0iTW3aPc0mVZXe4WUuuYVqtaHrGOAf/AAD+N >> QPUSgjB >> XizbZg33ShP4Tyb0chHMZFPHcHD1aEmTbISudYzCdoGahgaaky2ZoCesjwq6jD6upSmKi >> FCIknCF >> p3Svmk+I0QyBySaa7AvCngvOhzrQqw7OuyL9kQT2iinzrA70rDDflkHQjGb2l07pk3X2r >> p3Svmk+lL1sWf5 >> zQ7+30H1xGn841L8622MjIyMkKeJvIiPor2vgZyxjamrqJigoKCTl8aBneGXq9KMq+e2t9Otu+yS >> wpKlzZ+zxail/7WJ0PazxNO5zPOs4f/akIPXp4vzmIjsuYT6tqjBzLX2zJHz1bX8+JXn/ >> wpKlzZ+6nT0tnY >> 2OTZ5NTX5Pjq1ND9/dTo6OgAAACgoKSAgID//wD//wAAAP//AP8A//9YqUYI/ >> wALCRTo >> RAqggwcNKTSEqKHDhw0XSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjy >> pxJs6bN >> mzhz6tzJs6fPnx4RCpXiZGChJQcHNZFSyJFTR9miSp1KtarVq1izat3KtavXr2DDih1Lt >> qzZs2jT >> ql3Ltq3bt3Djyp1Lt67du3jz6t3Lt6/fv4DnPi0kpckgQFEONgHUFKrVbZAjS55MubLly >> 5gza97M >> ubPnz6BDix5NurTp06hTq17NurXr17Bjy55Nu7ZtyYFz697Nu7dvudvUOmWklEoUKosFP >> nX6u7nz >> 59CjS59Ovbr169iza9/OvXv15eDDX/8bf40RceRLokQZZHTg8qrh48ufT7++/fv48+vfz This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] False Positive
Answered off-list _M On Tuesday, February 14, 2006, 2:07:48 PM, Steve wrote: SG> Hello, SG> Could you please tell me what would cause an email to fail rule # 831417 SG> This was a good email flagged this morning and deleted. SG> Regards, SG> Steve Guluk SG> SGDesign SG> (949) 661-9333 SG> ICQ: 7230769 SG> This E-Mail came from the Message Sniffer mailing list. For SG> information and (un)subscription instructions go to SG> http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] False Positive - RESEND
Hello, Could you please tell me what would cause an email to fail rule # 831417 This was a good email flagged this morning and deleted. Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] False Positive
Hello, Could you please tell me what would cause an email to fail rule # 831417 This was a good email flagged this morning and deleted. Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769 This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[4]: [sniffer] False positive
Perhaps your system is blocking these messages? Please check. I've left the FP response out of this message -- I suspect that something in the response is causing the message to be blocked. Let me know if you get this one - you should get it twice - once directly and once through the list. (Sorry for the extra traffic list folks ;-) ) Thanks, _M On Wednesday, September 14, 2005, 2:05:35 AM, John wrote: JTL> Pete, other than database update e-mails, I see know e-mails from JTL> "@microneil.com" or [EMAIL PROTECTED] in the last 2 days received by my JTL> server. JTL> John T JTL> eServices For You >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] JTL> On >> Behalf Of Pete McNeil >> Sent: Tuesday, September 13, 2005 4:45 AM >> To: John Tolmachoff (Lists) >> Subject: Re[2]: [sniffer] False positive >> >> I have your response in my sent folder. >> >> I will send it again.. >> >> _M >> >> On Monday, September 12, 2005, 8:37:52 PM, John wrote: >> >> JTL> I also have sent some false positives in the last 2 weeks with no JTL> response, >> JTL> the lastest being at 09/10/05 at 9:49 AM PDT. >> >> JTL> John T >> JTL> eServices For You >> >> >> >> -Original Message- >> >> From: [EMAIL PROTECTED] >> >> [mailto:[EMAIL PROTECTED] >> JTL> On >> >> Behalf Of Pete McNeil >> >> Sent: Friday, September 09, 2005 5:08 AM >> >> To: Ali Resting >> >> Subject: Re: [sniffer] False positive >> >> >> >> On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: >> >> >> >> AR> Hi Peter, >> >> >> >> AR> I have submited 3 email to [EMAIL PROTECTED] with all the JTL> required >> >> AR> fields as per you instaructions on the website, I have not received >> JTL> any >> >> AR> feedback whether this request has been effected. >> >> >> >> I cleared the false positives queue last night. I don't see any >> >> messages in there from you today. You should have received a response >> >> for each submission. I will review my responses and get back to you >> >> off list. >> >> >> >> Thanks, >> >> >> >> _M >> >> >> >> >> >> >> >> This E-Mail came from the Message Sniffer mailing list. For information >> JTL> and >> >> (un)subscription instructions go to >> >> http://www.sortmonster.com/MessageSniffer/Help/Help.html >> >> >> JTL> This E-Mail came from the Message Sniffer mailing list. For >> JTL> information and (un)subscription instructions go to >> JTL> http://www.sortmonster.com/MessageSniffer/Help/Help.html >> >> >> This E-Mail came from the Message Sniffer mailing list. For information JTL> and >> (un)subscription instructions go to >> http://www.sortmonster.com/MessageSniffer/Help/Help.html JTL> This E-Mail came from the Message Sniffer mailing list. For JTL> information and (un)subscription instructions go to JTL> http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: Re[2]: [sniffer] False positive
Pete, other than database update e-mails, I see know e-mails from "@microneil.com" or [EMAIL PROTECTED] in the last 2 days received by my server. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Pete McNeil > Sent: Tuesday, September 13, 2005 4:45 AM > To: John Tolmachoff (Lists) > Subject: Re[2]: [sniffer] False positive > > I have your response in my sent folder. > > I will send it again.. > > _M > > On Monday, September 12, 2005, 8:37:52 PM, John wrote: > > JTL> I also have sent some false positives in the last 2 weeks with no response, > JTL> the lastest being at 09/10/05 at 9:49 AM PDT. > > JTL> John T > JTL> eServices For You > > > >> -Original Message- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] > JTL> On > >> Behalf Of Pete McNeil > >> Sent: Friday, September 09, 2005 5:08 AM > >> To: Ali Resting > >> Subject: Re: [sniffer] False positive > >> > >> On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: > >> > >> AR> Hi Peter, > >> > >> AR> I have submited 3 email to [EMAIL PROTECTED] with all the required > >> AR> fields as per you instaructions on the website, I have not received > JTL> any > >> AR> feedback whether this request has been effected. > >> > >> I cleared the false positives queue last night. I don't see any > >> messages in there from you today. You should have received a response > >> for each submission. I will review my responses and get back to you > >> off list. > >> > >> Thanks, > >> > >> _M > >> > >> > >> > >> This E-Mail came from the Message Sniffer mailing list. For information > JTL> and > >> (un)subscription instructions go to > >> http://www.sortmonster.com/MessageSniffer/Help/Help.html > > > JTL> This E-Mail came from the Message Sniffer mailing list. For > JTL> information and (un)subscription instructions go to > JTL> http://www.sortmonster.com/MessageSniffer/Help/Help.html > > > This E-Mail came from the Message Sniffer mailing list. For information and > (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re[2]: [sniffer] False positive
I have your response in my sent folder. I will send it again... _M On Monday, September 12, 2005, 8:37:52 PM, John wrote: JTL> I also have sent some false positives in the last 2 weeks with no response, JTL> the lastest being at 09/10/05 at 9:49 AM PDT. JTL> John T JTL> eServices For You >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] JTL> On >> Behalf Of Pete McNeil >> Sent: Friday, September 09, 2005 5:08 AM >> To: Ali Resting >> Subject: Re: [sniffer] False positive >> >> On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: >> >> AR> Hi Peter, >> >> AR> I have submited 3 email to [EMAIL PROTECTED] with all the required >> AR> fields as per you instaructions on the website, I have not received JTL> any >> AR> feedback whether this request has been effected. >> >> I cleared the false positives queue last night. I don't see any >> messages in there from you today. You should have received a response >> for each submission. I will review my responses and get back to you >> off list. >> >> Thanks, >> >> _M >> >> >> >> This E-Mail came from the Message Sniffer mailing list. For information JTL> and >> (un)subscription instructions go to >> http://www.sortmonster.com/MessageSniffer/Help/Help.html JTL> This E-Mail came from the Message Sniffer mailing list. For JTL> information and (un)subscription instructions go to JTL> http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] False positive
I also have sent some false positives in the last 2 weeks with no response, the lastest being at 09/10/05 at 9:49 AM PDT. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Pete McNeil > Sent: Friday, September 09, 2005 5:08 AM > To: Ali Resting > Subject: Re: [sniffer] False positive > > On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: > > AR> Hi Peter, > > AR> I have submited 3 email to [EMAIL PROTECTED] with all the required > AR> fields as per you instaructions on the website, I have not received any > AR> feedback whether this request has been effected. > > I cleared the false positives queue last night. I don't see any > messages in there from you today. You should have received a response > for each submission. I will review my responses and get back to you > off list. > > Thanks, > > _M > > > > This E-Mail came from the Message Sniffer mailing list. For information and > (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] False positive
On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: Apologies to the list... I intended to send those responses directly. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] False positive
Here is another copy of my initial reply. _M On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: AR> Hi Peter, AR> I have submited 3 email to [EMAIL PROTECTED] with all the required AR> fields as per you instaructions on the website, I have not received any AR> feedback whether this request has been effected. AR> Regards AR> Ali AR> --- AR> This message was scanned for viruses by the Real Image Anti-virus filters AR> This E-Mail came from the Message Sniffer mailing list. For AR> information and (un)subscription instructions go to AR> http://www.sortmonster.com/MessageSniffer/Help/Help.html--- Begin Message --- Hello Ali, Monday, September 5, 2005, 4:36:28 AM, you wrote: AR> Original From - "Ali Resting" <[EMAIL PROTECTED]> AR> resulted in no license ID. AR> TmpFile - tmpMailScan13727.tmp AR> Your submission matched the following rules... [FPR:U] Please submit false positives from a registered email address or authorized alias. AR> Clean AR> Rule 0-000 not found. ID NameSource Age Strength 353069 get free movie tickets .edirect.co.za 118 1.84206058734099 [FPR:B] The rule is below threshold, and/or badly or broadly coded so it will be removed from the core rulebase. -- Best regards, Sniffermailto:[EMAIL PROTECTED]--- Begin Message --- +OK 3827 octets Received: from realnet.co.sz [196.28.7.119] by SortMonster.com with ESMTP (SMTPD32-6.05) id A3355D0601CA; Mon, 05 Sep 2005 04:35:01 -0400 Received: from real7 [196.31.58.4] by realnet.co.sz (SMTPD32-7.07) id A241281E0198; Mon, 05 Sep 2005 10:30:57 +0200 From: "Ali Resting" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Subject: License ID q12spfrk Date: Mon, 5 Sep 2005 10:45:34 +0200 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Importance: Normal X-Declude-Sender: [EMAIL PROTECTED] [196.31.58.4] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: Whitelisted [0] X-Declude-Spoolname: D03351ca.SMD X-RCPT-TO: <[EMAIL PROTECTED]> X-UIDL: 422568617 Status: U Please whitelist the following domains: standardbank.co.za and sbic.co.za. These are legit messages. Find attached the sniffer logs and the contents of the message. Sniffer Log: q12spfrk20050904092020 20050904072019_30057.msg0 60 Match 353069 60 6186619951 q12spfrk20050904092020 20050904072019_30057.msg0 60 Final 353069 60 0 32562 51 Message: Received: from sbic.co.za (unknown [196.8.126.20]) by spam-gw.realnet.co.sz (Postfix) with SMTP id 72CC31CA499 for <[EMAIL PROTECTED]>; Sun, 4 Sep 2005 07:20:19 -0200 (GMT+2) Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 To: Robert <[EMAIL PROTECTED]> From: Standard Bank <[EMAIL PROTECTED]> Reply-To: Standard Bank <[EMAIL PROTECTED]> Subject: Your Standard Bank Provisional Statement - 2005-09-04(Card No..250) Sensitivity: non-sensitive Date: Sun, 4 Sep 2005 07:32:49 +0200 X-Mailer: Striata Communications' SimpleMail v. 1.37.2.1 X-Tag: F37C4CD243C513818B7BBA1849950E77 Content-Type: multipart/mixed; boundary="=_NextPart_Mixed_SimpleMail_by_Striata_Communications" X-Format: MixedAlternative This is a multi-part message in MIME format. --=_NextPart_Mixed_SimpleMail_by_Striata_Communications Content-Type: multipart/alternative; boundary="=_NextPart_alternative_SimpleMail_by_Striata_Communications" Content-Transfer-Encoding: 7bit --=_NextPart_alternative_SimpleMail_by_Striata_Communications Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable ---o0o Standard Bank Standard Bank Internet Banking ---o0o Robert, attached is your provisional statement. We have encrypted it to make it secure. To unlock the statement you need your card number, password and=20 to have installed the decoder. If you do not have the decoder installed please download it from https://www.standardbank.co.za/secure/decoder/secur=edecoder.html or call us on 0860 123 000 for any assistance. If you've forgotten your password, logon to Internet banking, click on Account Management then Email Statements and your password and card=20 number will be displayed. Call 0860 123 000 with any queries=20 (+27 11 299 4701 if your calling from outside South Africa ) or email us at [EMAIL PROTECTED] Enjoy your day THEN the contents follow --- This message was scanned for viruses by the Real Image Anti-virus filters . --- End Message --- --- End Message ---
Re: [sniffer] False positive
On Friday, September 9, 2005, 2:17:31 AM, Ali wrote: AR> Hi Peter, AR> I have submited 3 email to [EMAIL PROTECTED] with all the required AR> fields as per you instaructions on the website, I have not received any AR> feedback whether this request has been effected. I cleared the false positives queue last night. I don't see any messages in there from you today. You should have received a response for each submission. I will review my responses and get back to you off list. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] False positive
Hi Peter, I have submited 3 email to [EMAIL PROTECTED] with all the required fields as per you instaructions on the website, I have not received any feedback whether this request has been effected. Regards Ali --- This message was scanned for viruses by the Real Image Anti-virus filters This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] False positive on whole domain
I'm pretty sure the rule that caused your trouble has been removed. _M On Thursday, August 4, 2005, 7:24:09 PM, Robert wrote: RM> After two attempts to email support and two attempts to RM> register a real false positive to [EMAIL PROTECTED], I would be RM> really grateful for some help. I suspect our email attempts may RM> have failed to reach sortmonster. RM> RM> All email to and from one of our domains since about the 21st RM> July is being detected as spam by Sniffer. The domain in question RM> is: RM> g r o u n d h o g. u k. c o m RM> RM> We run SmarterMail with Declude so as to be able to run RM> Sniffer which has proven with the exception above to be highly RM> effective at reducing the massive amount of junk mail delivered to RM> our clients on their respective domains. We have set Sniffer so RM> that it alone can trigger Hold emails. RM> RM> I have twice sent appropriate emails to [EMAIL PROTECTED], RM> but received no acknowledgement or response, so I dont know if RM> they were received or not. RM> RM> Can anyone give advice as to how to proceed? RM> RM> Robert This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] False positive on whole domain
We do respond to all false reports that are made to us if we can properly identify the sender - and often even if that is not the case. I will research this further and contact you off list. Thanks, _M On Thursday, August 4, 2005, 7:24:09 PM, Robert wrote: RM> After two attempts to email support and two attempts to RM> register a real false positive to [EMAIL PROTECTED], I would be RM> really grateful for some help. I suspect our email attempts may RM> have failed to reach sortmonster. RM> RM> All email to and from one of our domains since about the 21st RM> July is being detected as spam by Sniffer. The domain in question RM> is: RM> g r o u n d h o g. u k. c o m RM> RM> We run SmarterMail with Declude so as to be able to run RM> Sniffer which has proven with the exception above to be highly RM> effective at reducing the massive amount of junk mail delivered to RM> our clients on their respective domains. We have set Sniffer so RM> that it alone can trigger Hold emails. RM> RM> I have twice sent appropriate emails to [EMAIL PROTECTED], RM> but received no acknowledgement or response, so I dont know if RM> they were received or not. RM> RM> Can anyone give advice as to how to proceed? RM> RM> Robert This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] False positive on whole domain
After two attempts to email support and two attempts to register a real false positive to [EMAIL PROTECTED], I would be really grateful for some help. I suspect our email attempts may have failed to reach sortmonster. All email to and from one of our domains since about the 21st July is being detected as spam by Sniffer. The domain in question is: g r o u n d h o g. u k. c o m We run SmarterMail with Declude so as to be able to run Sniffer which has proven – with the exception above – to be highly effective at reducing the massive amount of junk mail delivered to our clients on their respective domains. We have set Sniffer so that it alone can trigger Hold emails. I have twice sent appropriate emails to [EMAIL PROTECTED], but received no acknowledgement or response, so I don’t know if they were received or not. Can anyone give advice as to how to proceed? Robert
Re: [sniffer] False Positive?
There is a lot of symantec spam out there (that looks like it's not from them of course)... It's possible that something used in one of those made it into their auto confirm, or that a robot picked something up in a cross reference on a trap. The only way to tell for sure is to get the SNF log entries that match the FP and then I can look up the rule(s). Hope this helps, _M On Thursday, July 14, 2005, 11:18:01 AM, Richard wrote: RF> [EMAIL PROTECTED] RF> Is there any reason this would be in the sniffer file...I tried to do some RF> troubleshooting and finally just whitelisted their address...and they got RF> itbut I don't think Declude was holding it...I have SNIFFER on Delete... RF> Richard Farris RF> Ethixs Online RF> 1.270.247. Office RF> 1.800.548.3877 Tech Support RF> "Crossroads to a Cleaner Internet" RF> - Original Message - RF> From: "Pete McNeil" <[EMAIL PROTECTED]> RF> To: RF> Sent: Monday, July 11, 2005 8:54 AM RF> Subject: [sniffer] Update on outages etc... >> Hello Sniffer Folks, >> >> All of the critical equipment is now restored. >> >> We also have some additional equipment we will be bringing online >> over the coming weeks that will help us improve our update rates. >> >> We are currently short staffed due to the effects of Hurricane >> Dennis, but we expect that to change within the next 48 hours. >> >> The outward results from the outage and the short staffing will be >> that updates are slightly behind and that support may take a bit >> longer than usual. >> >> Sorry for any inconvenience. I will keep you posted :-) >> >> Thanks, >> _M >> >> Pete McNeil (Madscientist) >> President, MicroNeil Research Corporation >> Chief SortMonster (www.sortmonster.com) >> >> >> This E-Mail came from the Message Sniffer mailing list. For information >> and (un)subscription instructions go to >> http://www.sortmonster.com/MessageSniffer/Help/Help.html >> >> RF> This E-Mail came from the Message Sniffer mailing list. For RF> information and (un)subscription instructions go to RF> http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
[sniffer] False Positive?
[EMAIL PROTECTED] Is there any reason this would be in the sniffer file...I tried to do some troubleshooting and finally just whitelisted their address...and they got itbut I don't think Declude was holding it...I have SNIFFER on Delete... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" - Original Message - From: "Pete McNeil" <[EMAIL PROTECTED]> To: Sent: Monday, July 11, 2005 8:54 AM Subject: [sniffer] Update on outages etc... Hello Sniffer Folks, All of the critical equipment is now restored. We also have some additional equipment we will be bringing online over the coming weeks that will help us improve our update rates. We are currently short staffed due to the effects of Hurricane Dennis, but we expect that to change within the next 48 hours. The outward results from the outage and the short staffing will be that updates are slightly behind and that support may take a bit longer than usual. Sorry for any inconvenience. I will keep you posted :-) Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html