[sniffer] Porn Spam again

[Heimir Eidskrem]

Anyway that sniffer could trigger on this type of stuff?

Blonde Tit Licked By Black Guy On Backseat
blonde whore screws three guys 
Adorable Blond Teen Hardcore Blowjob
Dark Haierd Abbes Suck Big Black Dick 3some Movies
Pornstar Brandi Lyons Hardcore On Couch Movies

--
Cordially,
Heimir Eidskrem
i360, Inc.
2825 Wilcrest, Suite 675
Houston, TX 77042
Ph:  713-981-4900
Fax: 832-242-6632
[EMAIL PROTECTED]
www.i360.net
www.i360hosting.com
www.realister.com
Houston's Leading Internet Consulting Company 

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html

Re: [sniffer] Porn Spam again

[Pete McNeil]

On Monday, March 28, 2005, 2:09:52 PM, Heimir wrote:

HE Anyway that sniffer could trigger on this type of stuff?

snip/

Yes. The bad news is that this stuff is highly variable and so more of
it gets through than we would like. The good news is that we are
developing filters to deal with it by capturing small fragments and
phrases so that they cannot be reused. For example, I created 7 new
rules based on the note use sent - each containing 2-5 word phrases
and fragments.

The hard part is to avoid blocking legitimate messages - so we can't
generally code on single words. For example hardcore and it's
variations has a high porn spam score, but it is also widely used in
current language. The word suck by itself is not a workable solo and
neither is that random combination of hardcore an suck (though you
might be tempted)... A quick look at any extreme sports article
readily yields many of these words.

You could opt to create some black rules that contain simple
combinations or even single words like these if you have a
sufficiently narrow demographic on your system.

In the mean time we will continue to aggressively create rules for the
safe combinations we can spot and/or predict. Of course, we always
capture URI in these cases when available.

Hope this helps,

_M





This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html

Re: [sniffer] Porn Spam again

[Matt]

Just an FYI from my perspective.  As things stand, Sniffer false 
positives on dirty language is one of the top 5 types of FP's that I see 
with Sniffer.  It's not a huge problem, but I definitely wouldn't want 
to see any more of it.  While some companies do not have an issue with 
blocking dirty language even if legitimate, this is not wise to do in a 
global sense.  Thankfully Pete does allow for rulebase customization so 
that customers that want this type of blocking can have it.

Due to the variability of the messages, it is also generally better to 
tag the URL or another pattern rather than the phrases that might be 
used.  I'm generally happy with how Sniffer picks up new URL's and 
updates rulebases to block this stuff, but they will get through on 
occasion no matter what you do because as soon as you start tagging word 
patterns, the spammer changes those patterns or obfuscates in some other 
way.  No matter what however, every piece of spam needs a payload, which 
is generally a link, E-mail address or phone number.

Matt

Pete McNeil wrote:
On Monday, March 28, 2005, 2:09:52 PM, Heimir wrote:
HE Anyway that sniffer could trigger on this type of stuff?
snip/
Yes. The bad news is that this stuff is highly variable and so more of
it gets through than we would like. The good news is that we are
developing filters to deal with it by capturing small fragments and
phrases so that they cannot be reused. For example, I created 7 new
rules based on the note use sent - each containing 2-5 word phrases
and fragments.
The hard part is to avoid blocking legitimate messages - so we can't
generally code on single words. For example hardcore and it's
variations has a high porn spam score, but it is also widely used in
current language. The word suck by itself is not a workable solo and
neither is that random combination of hardcore an suck (though you
might be tempted)... A quick look at any extreme sports article
readily yields many of these words.
You could opt to create some black rules that contain simple
combinations or even single words like these if you have a
sufficiently narrow demographic on your system.
In the mean time we will continue to aggressively create rules for the
safe combinations we can spot and/or predict. Of course, we always
capture URI in these cases when available.
Hope this helps,
_M


This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html
 

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html