[sniffer] Re: Blocking emails with Cyrillic characters
Hear, hear! I second the motion. It would be great to be able to block these. We use the Declude Country Filter which does a good job, but these Russian or Arabic E-mails don't always originate in the subject country.

Thanks Steve for the good suggestion.

Michael Stein
Computer House

----- Original Message -----
From: Steve Guluk
To: Message Sniffer Community
Sent: Wednesday, December 13, 2006 3:42 PM
Subject: [sniffer] Blocking emails with Cyrillic characters

Hello Comrades,

Could we get a rule that looks for various common Russian words (or Cyrillic characters) and then gives them a spam value?

Do you sell much Sniffer Product to Russia? If not, rules that focus on common Russian words would be great for blocking much of the spam that makes its way past Sniffer. You could always create a way for people that want Russian emails to exclude this rule. No?

Not that I know all the details of how you guys create your rules but a rule looking for common Cyrillic characters could catch all spam formatted in Russian as well as other languages that use similar characters. Otherwise you should hire some coders that understand these languages as I get a heap of spam that passes Sniffer by using what looks like Russian or Cyrillic characters.

I run iMail 8.22 so if anyone has any other ideas that could block these please post your suggestions. I guess we could create a phrase list from some of the Cyrillic spams..?

Regards,
Steve Guluk
SGDesign
(949) 661-9333
ICQ: 7230769
[sniffer] Re: Blocking emails with Cyrillic characters (I-Mail v8.22)
Thanks Eric,

I hope you do not mind my posting this to the sniffer list so others may voice their suggestions as well as take your suggestions into account.

On Dec 13, 2006, at 12:59 PM, E. H. ((Eric)) Fletcher wrote:

Steve:

I wonder whether a set of I-Mail rules that blocked all of the small island states with TLDs as well as Russia and Korea and anything else you wanted to include might not be effective. Assuming you host more than one domain, the rule base could be copied in by domain and modified if necessary for a domain that wanted to be able to receive the material. You could even take it to the user level if necessary.

I've been playing with a few tests and have found it quite effective against new spam versions that the rule base has not yet encountered. It isn't at all effective against e-mail coming from an IP in Russia that masquerades with some other HELO or TLD but I'm surprised by how much of it is easily detected on that basis.

It's also possible to block it out with huge IP blocks of course, as you can map them, but that is done for the I-Mail system as a whole so not easily implemented or tailored at the domain level.

Best regards,
Eric

Regards,
Steve Guluk
SGDesign
(949) 661-9333
ICQ: 7230769
[sniffer] Re: Blocking emails with Cyrillic characters (I-Mail v8.22)
Wednesday, December 13, 2006, 2:39:41 PM, Steve wrote:

I wonder whether a set of I-Mail rules that blocked all of the small island states with TLDs as well as Russia and Korea and anything else you wanted to include might not be effective. Assuming you host more than one domain, the rule base could be copied in by domain and modified if necessary for a domain that wanted to be able to receive the material. You could even take it to the user level if necessary.

I've been playing with a few tests and have found it quite effective against new spam versions that the rule base has not yet encountered. It isn't at all effective against e-mail coming from an IP in Russia that masquerades with some other HELO or TLD but I'm surprised by how much of it is easily detected on that basis.

It's also possible to block it out with huge IP blocks of course, as you can map them, but that is done for the I-Mail system as a whole so not easily implemented or tailored at the domain level.

There are DNSBL lists out there that allow you to block out specific countries by IP address - no muss, no fuss, nothing to maintain. This assumes your MTA supports DNSBL blocking of course. :-)

--
Joey Lindstrom
[sniffer] Re: Blocking emails with Cyrillic characters
As someone who speaks Russian, it would be more productive for you to forward those spams to sniffer for processing rather than create a rule based on normal common language characters.

Besides, that is not what I expect from Sniffer. My understanding of the premise of Message Sniffer is to create rules that search for a pattern in spam messages that can be reliably duplicated. Having a rule solely based on inclusion of common language characters would undermine that trust we have in Message Sniffer.

John T
eServices For You

Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
[sniffer] Re: Blocking emails with Cyrillic characters
I agree, sniffer isn't a filter for that type of thing, that's why your mail server has filters for RBLs, etc., etc. I think it does a fine job right now.

Thank You,

Chris Bunting
Enterprise Account Manager
Lancaster Networks
Direct: 717-278-6639
Office: 888-LANCNET x703
Fax: 717-431-6262
1085 Manheim Pike
Lancaster PA 17601
www.lancasternetworks.com
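
Added example (not part of the original thread, and not Message Sniffer, Declude or IMail code): one way to express the rule debated in this thread as a weighted signal instead of a hard block, with the per-domain exemption Steve suggests and a ratio threshold so that a few Cyrillic characters in otherwise Latin mail do not fire it. The weight, threshold, exempt domain and both sample messages are assumptions constructed for illustration.

```python
import unicodedata
from email import message_from_bytes, policy
from email.message import EmailMessage

WEIGHT = 10                                  # assumed spam weight when the rule fires
THRESHOLD = 0.5                              # assumed minimum share of Cyrillic letters
EXEMPT_DOMAINS = {"moscow-office.example"}   # hypothetical domains that want Russian mail

def cyrillic_ratio(text):
    """Fraction of alphabetic characters that belong to the Cyrillic script."""
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return 0.0
    cyr = sum(1 for c in letters if unicodedata.name(c, "").startswith("CYRILLIC"))
    return cyr / len(letters)

def score_message(raw, rcpt_domain):
    """Return (weight, ratio) for one raw RFC 5322 message addressed to rcpt_domain."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")      # policy.default decodes RFC 2047 words
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""  # decoded using the declared charset
    ratio = cyrillic_ratio(subject + " " + body)
    if rcpt_domain.lower() in EXEMPT_DOMAINS:
        return 0, ratio                      # domain opted out of the rule
    return (WEIGHT if ratio >= THRESHOLD else 0), ratio

def make_sample(subject, body, charset):
    """Build a constructed test message as the bytes a filter would receive."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body, charset=charset, cte="base64")
    return m.as_bytes()

# Constructed samples: an all-Russian KOI8-R message and English mail with one Russian name.
RUSSIAN = make_sample("Купите сейчас", "Лучшие цены только сегодня, звоните!", "koi8-r")
ENGLISH = make_sample("Invoice for Mr. Иванов", "Please find the invoice attached.", "utf-8")
```

The raw bytes of the first sample contain no literal Cyrillic text, since the subject is an RFC 2047 encoded word and the body is base64-encoded KOI8-R, so the check only works after decoding.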