Just an FYI from my perspective. As things stand, Sniffer false
positives on dirty language is one of the top 5 types of FP's that I see
with Sniffer. It's not a huge problem, but I definitely wouldn't want
to see any more of it. While some companies do not have an issue with
blocking dirty language even if legitimate, this is not wise to do in a
global sense. Thankfully Pete does allow for rulebase customization so
that customers that want this type of blocking can have it.
Due to the variability of the messages, it is also generally better to
tag the URL or another pattern rather than the phrases that might be
used. I'm generally happy with how Sniffer picks up new URL's and
updates rulebases to block this stuff, but they will get through on
occasion no matter what you do because as soon as you start tagging word
patterns, the spammer changes those patterns or obfuscates in some other
way. No matter what however, every piece of spam needs a payload, which
is generally a link, E-mail address or phone number.
Matt
Pete McNeil wrote:
On Monday, March 28, 2005, 2:09:52 PM, Heimir wrote:
HE Anyway that sniffer could trigger on this type of stuff?
snip/
Yes. The bad news is that this stuff is highly variable and so more of
it gets through than we would like. The good news is that we are
developing filters to deal with it by capturing small fragments and
phrases so that they cannot be reused. For example, I created 7 new
rules based on the note use sent - each containing 2-5 word phrases
and fragments.
The hard part is to avoid blocking legitimate messages - so we can't
generally code on single words. For example hardcore and it's
variations has a high porn spam score, but it is also widely used in
current language. The word suck by itself is not a workable solo and
neither is that random combination of hardcore an suck (though you
might be tempted)... A quick look at any extreme sports article
readily yields many of these words.
You could opt to create some black rules that contain simple
combinations or even single words like these if you have a
sufficiently narrow demographic on your system.
In the mean time we will continue to aggressively create rules for the
safe combinations we can spot and/or predict. Of course, we always
capture URI in these cases when available.
Hope this helps,
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html