On Thu, Jun 4, 2009 at 13:57, Adam Katz antis...@khopis.com wrote:
John Hardin wrote:
So that data comes from /etc/hosts. How does that materially affect the
FCrDNS sanity test?
By definition, FCrDNS uses DNS lookups. Unless you're using dnsmasq,
the entries in /etc/hosts are ignored during
Different people run botnet at different score levels, depending on
what they want the rule to do. The default is 5 because 5 is the
common point where people set messages aside for review (remove them
from their regular mail stream). That's what botnet is saying about
such messages: this
On Thu, Jun 4, 2009 at 16:32, Adam Katzantis...@khopis.com wrote:
John Rudd wrote:
That seems to be an important distinction for
strict/rigorous/theoretical discussions of what is full circle
reverse DNS, and things along those lines... but I'm not sure if
it really is an important
On Sat, Jun 6, 2009 at 13:38, Rich Shepardrshep...@appl-ecosys.com wrote:
On Sat, 6 Jun 2009, John Rudd wrote:
The thing thing to do to fix messages from given locations is lean,
heavily, upon the sender to get their sending environment fixed. What
botnet finds are sites with bad DNS
On Mon, Jun 8, 2009 at 09:55, Jari Fredrikssonja...@iki.fi wrote:
The BOTNET plugin isn't covered in the CustomPlugins wiki
page. When I Googled it I found this:
http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar
but it's a bit old. Is there a later version?
That's 0.8 which is AFAIK
On Mon, Jun 8, 2009 at 16:31, alexusale...@gmail.com wrote:
whats botnet plugin?
It's a SpamAssassin plugin looks at DNS configurations and attempts to
identify hosts that are probably actually clients that are sending
email directly to your server, instead of through their own mail
server.
had provided John Rudd with a nice, neat patch
for botnet.pm well over a year ago to resolve this issue, John has not
opted to take the 5 minutes that is necessary to fix botnet by applying
the patch. He is no longer maintaining botnet, and it has become an
orphaned plugin that is in serious need
On Thu, Jun 11, 2009 at 06:46, Bill Landryb...@inetmsg.com wrote:
McDonald, Dan wrote:
On Wed, 2009-06-10 at 21:40 -0700, John Rudd wrote:
On Wed, Jun 10, 2009 at 21:11, Bill Landryb...@inetmsg.com wrote:
Jake Maul wrote:
Interesting that I'm just now running into this... I've been using
On Thu, Jun 11, 2009 at 12:45, Charles Gregorycgreg...@hwcn.org wrote:
With respect, your concerns about
required testing are at the least, exaggerated. The testing has been
done by everyone who uses the patch.
a) thank you for your well worded thoughts
b) my statement about the time it
Botnet seems to have caught that just fine (it's listed in the rules
which were triggered). The problem is either that you're running it
at a lower score (which you could also do for Botnet0.8 if you wanted
to upgrade -- their default scores are exactly the same), or you need
other rules/configs
On Sat, Jun 13, 2009 at 18:47, MySQL Studentmysqlstud...@gmail.com wrote:
Hi John,
Botnet seems to have caught that just fine (it's listed in the rules
which were triggered). The problem is either that you're running it
at a lower score (which you could also do for Botnet0.8 if you wanted
On Sat, Jun 13, 2009 at 18:56, MySQL Studentmysqlstud...@gmail.com wrote:
I also see BOTNET_NORDNS in Botnet.cf, but it isn't being triggered. It's
also weighted at 0.0. Is there a reason for this?
There's two ways to use Botnet:
1) one big rule (BOTNET) that rolls up all of the sub-rule
On Mon, Jun 15, 2009 at 15:43, Jason Haarjason.h...@trimble.co.nz wrote:
Theo Van Dinter wrote:
SpamAssassin is not a porn filter, whatever the variety.
Yes it is. If it's unsolicited - then it's spam.
I believe Theo's point is that: Just because it's porn doesn't mean
it's unsolicited. The
On Mon, Jun 22, 2009 at 15:06, Arvid Picciania...@exys.org wrote:
Jeremy Morton wrote:
You then have to pay their tithe money to get people to start receiving
your e-mail again.
sorbs doesn't charge for delisting.
Actually no trustworthy bl does.
Technically correct, but not literally.
On Mon, Jun 22, 2009 at 18:07, Resr...@ausics.net wrote:
On Tue, 23 Jun 2009, mouss wrote:
payment were only needed for spam, not for dul
not really :) despite what their site said/says.. its kind of a detterent i
think sunno we never paid
I think it's fair to hold/criticize/ridicule
2009/6/25 Ned Slider n...@unixmail.co.uk:
Karsten Bräckelmann wrote:
On Thu, 2009-06-25 at 13:20 +0200, Jan P. Kessler wrote:
Henrik K schrieb:
SA is trying to be too supportive for the money it receives. ;-) If you
ask
me, just ditch this and all other old baggage for 3.3. If you are not
On Thu, Jun 25, 2009 at 07:11, Per Jessenp...@computer.org wrote:
John Rudd wrote:
I've seen LOTS of so-focused-on-stability if it ain't broke, don't
upgrade it type shops in the Solaris arena ...
You'll likely find that in any production environment that is concerned
about uptime
On Thu, Jun 25, 2009 at 10:09, Chris Hoogendykhoogen...@bio.umass.edu wrote:
Gone are the days when you totally avoided upgrades because of the time,
hassle and risk involved.
Time and hassle, maybe. Risk, no. Risk is not a binary, it's a
balancing act. Live updates don't remove risk, they
On Thu, Jun 25, 2009 at 14:41, moussmo...@ml.netoyen.net wrote:
James Wilkinson a écrit :
If you mean “IP address that should not have been in the PBL but was”,
that’s one thing. It’s a consistent definition, but not very useful for
stopping spam.
yes, the PBL may list blocks that contain
On Fri, Jun 26, 2009 at 15:23, LuKremekrem...@kreme.com wrote:
On 26-Jun-2009, at 14:54, Charles Gregory wrote:
I don't care. It's the *meaning* that matters. Not the *word*.
Fine, then, the meaning. Your meaning is *wanted* and my meaning is mail
from a verifiable source with a verifiable
View this message in context:
http://www.nabble.com/Any-one-interested-in-using-a-proper-forum--tp24697144p24697144.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
He's clearly using Nabble, and thinks that's the primary interface for
the list ...
So, Peter, if
On Tue, Jul 28, 2009 at 06:29, McDonald,
Dandan.mcdon...@austinenergy.com wrote:
On Tue, 2009-07-28 at 06:16 -0700, John Rudd wrote:
Though ... it'd be nice if there was a direct RSS feed for the users
list. Hopefully Nabble isn't my only choice for an RSS feed :-}
(esp. since it posts 1 RSS
On Tue, Jul 28, 2009 at 06:29, McDonald,
Dandan.mcdon...@austinenergy.com wrote:
On Tue, 2009-07-28 at 06:16 -0700, John Rudd wrote:
Though ... it'd be nice if there was a direct RSS feed for the users
list. Hopefully Nabble isn't my only choice for an RSS feed :-}
(esp. since it posts 1 RSS
On Tue, Jul 28, 2009 at 07:09, RWrwmailli...@googlemail.com wrote:
On Tue, 28 Jul 2009 06:16:38 -0700
John Rudd jr...@ucsc.edu wrote:
Personally, when I'm so lightly involved in a message stream that I
don't want to be subscribed to the entire list, I prefer to use the
RSS interface
On Thu, Jul 30, 2009 at 14:01, ktnj_engl...@kawasaki-tn.com wrote:
Actually I think Nabble is great for those of us who can't handle the traffic
of the whole mailing list.
If you're an RSS reader, I'd suggest getting an RSS feed from gmane.
You can pick 4 types of feed:
1) full articles, 1
On Thu, Jul 30, 2009 at 17:54, Aaron Wolfeaawo...@gmail.com wrote:
On Thu, Jul 30, 2009 at 5:01 PM, ktnj_engl...@kawasaki-tn.com wrote:
Actually I think Nabble is great for those of us who can't handle the traffic
of the whole mailing list.
This list generates less than 50 messages per day
On Fri, Jul 31, 2009 at 12:37, LuKremekrem...@kreme.com wrote:
On Jul 31, 2009, at 1:33 PM, jdow wrote:
Given that profanity is the effort of a small mind to express itself
I have a feeling he's going to receive his third and final warning any
time now, Matt
Given that nothing that richard
On Sat, Oct 3, 2009 at 11:06, Warren Togami wtog...@redhat.com wrote:
# 8-letter .cn domain, per Warren Togami
uri CN_EIGHT m;^https?://(?:[^./]+\.)*[^./]{8}\.cn/;
describe CN_EIGHT .CN uri with eight-letter domain name
score CN_EIGHT
On Sat, Oct 3, 2009 at 15:55, John Hardin jhar...@impsec.org wrote:
On Sat, 3 Oct 2009, John Rudd wrote:
On Sat, Oct 3, 2009 at 11:06, Warren Togami wtog...@redhat.com wrote:
# 8-letter .cn domain, per Warren Togami
uri CN_EIGHT
m;^https?://(?:[^./]+\.)*[^./]{8}\.cn/;
describe
On Sat, Oct 10, 2009 at 16:44, Warren Togami wtog...@redhat.com wrote:
Given that zen.spamhaus.org is a combination of XBL and PBL, this
data seems to confirm the good reputation of Spamhaus.
Er.. Zen is a combination of SBL, XBL, and PBL. Not just the XBL and PBL.
UCSC uses them for various announcement messages as well (I think
they're mostly in-bound (ie. sending to UCSC addresses), but I don't
know if that's 100% true).
So, while I can't speak to whether or not they send spam, I can vouch
that they are sometimes used to send ham.
JRudd
On Fri, Oct
On Fri, Oct 16, 2009 at 11:07, R-Elists list...@abbacomm.net wrote:
So, even though I cringe when I hear a name like Constant
Contact, it does serve a legitimate business need.
says who?
Me. I work for one of their clients (a University). One or two of
our divisions use them for large
On Fri, Oct 16, 2009 at 13:29, John Hardin jhar...@impsec.org wrote:
On Fri, 16 Oct 2009, John Rudd wrote:
Me. I work for one of their clients (a University). One or two of
our divisions use them for large mailings to our internal users.
How is Constant Contact better than (say) GNU
On Sat, Oct 17, 2009 at 06:24, rich...@buzzhost.co.uk
rich...@buzzhost.co.uk wrote:
Remember, if the
sender was really clean, their would be zero need for CC.
Absolute unadulterated BS.
This is equivalent to saying all of those lay-people who just get
gmail or yahoo or hotmail accounts -- if
All:
_IS_ there a Thunderbird plugin for SA? That would seem to be quite useful.
1) install perl for your platform (amadis: the perl language
interpreter is required for Spam Assassin)
2) install SA
3) install the (hypothetical) Thunderbird plugin
Then you can use SA to augment Thunderbird's
heheh. I was about to make the same reply... without the eyes.
On Mon, Oct 26, 2009 at 18:22, jdow j...@earthlink.net wrote:
No, I didn't get your email.
{O,o}}
- Original Message - From: Lars Ebeling
lars.ebel...@leopg9.no-ip.org
Sent: Monday, 2009/October/26 06:53
Or am I
On Tue, Oct 27, 2009 at 05:42, rich...@buzzhost.co.uk
rich...@buzzhost.co.uk wrote:
On Tue, 2009-10-27 at 05:08 -0600, LuKreme wrote:
On 27-Oct-2009, at 04:53, Mike Cardwell wrote:
Why have any geocities specific rules any more if geocities doesn't
exist? It's not as if spammers can host
On Tue, Oct 27, 2009 at 06:06, rich...@buzzhost.co.uk
rich...@buzzhost.co.uk wrote:
On Tue, 2009-10-27 at 05:50 -0700, John Rudd wrote:
On Tue, Oct 27, 2009 at 05:42, rich...@buzzhost.co.uk
rich...@buzzhost.co.uk wrote:
On Tue, 2009-10-27 at 05:08 -0600, LuKreme wrote:
On 27-Oct-2009, at 04
yeah, RW pretty much hit this one on the head. You're going to need
to exempt it by IP, not by domain name.
On Thu, Nov 5, 2009 at 19:56, RW rwmailli...@googlemail.com wrote:
On Fri, 6 Nov 2009 03:28:40 +
RW rwmailli...@googlemail.com wrote:
The
Per Jessen wrote:
Perhaps someone can turn this into a rule for SA to add some points.
The mail-server that detects the missing QUIT could easily add a header
which SA would then pick up on. But it might depend on what
those other factors are.
Part of the problem here is that a
Tuc at T-B-O-H.NET wrote:
Tuc at T-B-O-H wrote:
That's as much detail as I'm going to go into here. But the result is
that I have 720,000 IP addresses of virus infected computers and I'm
fiultering about 1600 domains and I'm not getting any more than the
normal few false positive complaints.
hanz wrote:
I believe if botnet.pm is checking all the path the mail went thru like how
dnsbl is used, botnet will get more accurate.
No, it would throw a lot more false-positives. Every end user
(corporate, home, etc.) on a dynamic IP address would suddenly get their
email flagged by
Loren Wilton wrote:
As far as I have understood it Botnet checks the first IP not being in
your trusted networks.
botnet probably does such checks based on trusted_networks and
internal_networks settings: doesn't check IP in trusted_networks, but
continues on next IP when current one is in
I see in another thread a discussion about what people want to see in SA
RBL support. I thought I'd throw in my $.02.
I want a non-binary setting for use RBLs or not.
The all or nothing approach that has been used, where you set it to
use RBLs or skip them, and then you have to track down
R.Smits wrote:
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
getting to high for our organisation. Wich list is
Matus UHLAR - fantomas wrote:
On 08.10.07 14:56, John Rudd wrote:
I see in another thread a discussion about what people want to see in SA
RBL support. I thought I'd throw in my $.02.
I want a non-binary setting for use RBLs or not.
I want:
use_rblszen.spamhaus.org list.dsbl.org
Matt Kettler wrote:
Rick Macdougall wrote:
Hi,
Anyone ever hear of or use them?
www.mipspace.org
Looks like they block commercial senders.
Aye, looks like their goal is to list all commercial senders, legit,
semi-legit, or otherwise. Which I could see being useful in some
environments.
IMO, one of the best and _easiest_ things any site can do to show love
to any blacklist service is: run a local mirror. Even better is to run
a publicly accessible mirror ... but a local mirror lessens your impact
on the service you're consuming. Ask them when and often you can pull
the
Bart Schaefer wrote:
On 10/17/07, Tom Ray [EMAIL PROTECTED] wrote:
I just thought if anyone hasn't read it yet, this article might be
interesting to many of you. According to this report SPAM has now
reached being 95% of all email.
This is hyperbole.
What it really means is that 95% of the
[EMAIL PROTECTED] wrote:
Hi,
I cannot seem to find any useful documentation on this.
Specifically, I need to disable spamhaus RBLs in all forms (DNS, URI,
etc.). The lookups are slowing down spamassassin too much, and the mail
backs up by the thousand, while the CPUs are mostly idle.
I
Daryl C. W. O'Shea wrote:
Mark Martinec wrote:
An alternative workaround: to SA 3.2.3 apply a patch in:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589
then you can specify per-zone timeouts, e.g.:
rbl_timeout 1.5 spamhaus.org
Doesn't disable DNS, but at least limits the time
mouss wrote:
Marcin Praczko wrote:
It is possible add some text to Subject: For example [SPLIST] - to make easier
set up filter for emails?
List managers (and other software) should not alter email unless
absolutely necessary.
List sysadmins should do whatever they want with email that
Daryl C. W. O'Shea wrote:
On 11/23/2007 6:15 PM, John Rudd wrote:
Ever since upgrading in the last 2 months, I've been getting a lot
more false positive complaints, and one of the most frequent rules to
show up in my false positives is:
2.8 BASE64_LENGTH_79_INF BODY
Ever since upgrading in the last 2 months, I've been getting a lot more
false positive complaints, and one of the most frequent rules to show up
in my false positives is:
2.8 BASE64_LENGTH_79_INF BODY: BASE64_LENGTH_79_INF
That rule description is COMPLETELY useless.
So, here are my
In the past, turning off a rule was supposed to be as simple as setting
its score to zero. Is that no longer the case? I set a rule to zero,
and it's still showing up in my logs (but it looks like the value is
correctly being recorded as zero, so it's not affecting my scores; I'm
just
Theo Van Dinter wrote:
On Thu, Dec 06, 2007 at 09:30:34AM +, Justin Mason wrote:
if that doesn't work, it's a bug; please report it at the Bugzilla.
... assuming that the local.cf file is actually being read and doesn't have an
error causing the parsing of the file to fail. :)
That
Per Jessen wrote:
John D. Hardin wrote:
On Mon, 17 Dec 2007, Per Jessen wrote:
Does anyone have a current status for blackholes.us ? The rsync'ed
data is about 18months old.
I had an email rejected earlier today due to a server
being blacklisted by germany.blackholes.us
Well, if the
Ralf Hildebrandt wrote:
* SM [EMAIL PROTECTED]:
Time to blacklist google.
The users may complain if you do that.
To [EMAIL PROTECTED] Problem solved!
No. Your users may complain to you that they're unable to receive email
from colleagues/friends/etc. who use google.
Though, depending
mouss wrote:
ajx wrote:
It seems your logic is fundamentally flawed for several reasons. By
returning false positives, you're breaking mail gateways that use this
once
useful service. On the contrary, the best way would be to simply return a
DNS host not found error or a connection refused
Aaron Wolfe wrote:
On Tue, Mar 25, 2008 at 11:50 PM, John Rudd [EMAIL PROTECTED] wrote:
mouss wrote:
ajx wrote:
It seems your logic is fundamentally flawed for several reasons. By
returning false positives, you're breaking mail gateways that use this
once
useful service
Mark,
Thanks, I'll try to work that into 0.9.
John
Mark Martinec wrote:
Jan-Peter,
I just noticed BotNet (0.8) causing SA timeouts
Then it just hangs for quite some time and finally runs into the
timeout. Any idea?
A known problem, it uses a default timeout of Net::DNS,
which is
SM wrote:
At 10:06 24-04-2008, Johnson, S wrote:
Thanks for the input. I'm using:
Postfix (I drop a ton of connections before the mail is even allowed
in to my filters)
- 6 RBLs
- malformed email tests
Spamassassin
mimedefang
razor2
dcc
pyzor
bayes lists
Mailscanner
If you have
SM wrote:
At 08:03 25-04-2008, John Rudd wrote:
I believe he's calling SpamAssassin during the SMTP session, using
mimedefang (a milter). Mailscanner doesn't let you do that (at least,
not the last time I used it; it didn't have milter bindings).
He's using Mailscanner as well
On Jun 5, 2006, at 7:22 AM, Steven W. Orr wrote:
On Monday, Jun 5th 2006 at 10:19 -0400, quoth Steven W. Orr:
=I am upgraded to 3.1.2 and in my /etc/mail/spamassassin directory I
have
=both v310.pre and v312.pre. Should I delete the v310.pre (no changes
were made
=to it) or should it be
On Jun 9, 2006, at 1:19 PM, Marc Perkel wrote:
After considerable experimenting and thinking things through I thought
I'd start a thread on the future of email to start planting the seeds
of
where MTA development needs to go. I'm convinced that someday soon we
will all realize that MBOX and
On Jun 9, 2006, at 3:16 PM, Rob McEwen wrote:
MS Exchange... one big Database
Exactly...
And that is one reason why I wouldn't touch this SQL idea with a 10
foot
pole.. the fact that Exchange works this way only proves my point... I
hear
all the time about Exchange servers crashing and
On Jun 9, 2006, at 9:49 PM, Sanford Whiteman wrote:
If we are talking about making a SQL application that is usable for
a multitude of people then why lock them into something. That's the
easiest way to drive them away from supporting it.
Word. Perl can play nice with plenty of RDBMSs.
On Jun 13, 2006, at 7:52 PM, Marc Perkel wrote:
John Rudd wrote:
and maybe a decent perl MTA to put in front of it too (something that
will work with sendmail milters...).
I think that a local delivery program could be written fairly easily
that Exim or any other existing MTA could
On Jul 4, 2006, at 2:06 AM, Anthony Peacock wrote:
I have a user who uses myway.com when he is travelling for work, and
whose family all have accounts. Just had to explain why a lot of
their emails where not getting through...
Why not add that user and their family to your SA whitelist?
Um.. mailscanner doesn't use spamd...
in your last message, you said you're using mailscanner.
Might be a good idea to ask all of this on the mailscanner list.
(see www.mailscanner.info )
On Jul 21, 2006, at 12:23, Golden, James wrote:
I have a little more information. I figured out I
On Jul 21, 2006, at 10:51 PM, jdow wrote:
From: John D. Hardin [EMAIL PROTECTED]
On Fri, 21 Jul 2006, John Andersen wrote:
On Friday 21 July 2006 18:03, John D. Hardin wrote:
The folks over at accessintel (the server bouncing list traffic)
don't
seem to know what they are doing.
I got
Does anyone have a scale that compares the SA score to a percent
likelihood that the message is spam?
Something like a score of 5 is a 75% chance than the message is spam.
But I don't want it just for a score of 5. What I'd like is for
scores of 1-10. And I'd also like to see it for
.
-Sietse
From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Wed 26-Jul-06 12:13
To: SpamAssassin Users
Subject: SA Score - Confidence Percentage
Does anyone have a scale that compares the SA score to a percent
likelihood that the message is spam?
Something
On Jul 26, 2006, at 6:40 AM, Chris Santerre wrote:
-Original Message-
From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 26, 2006 6:38 AM
To: Sietse van Zanen
Cc: SpamAssassin Users
Subject: Re: SA Score - Confidence Percentage
I can see how plugins and add
On Jul 26, 2006, at 9:07 AM, Theo Van Dinter wrote:
On Wed, Jul 26, 2006 at 07:43:51AM -0700, John Rudd wrote:
When that score is developed, how is it decided that the scores have
settled? When a 95% of the spam in the corpus got ranked 5 or
higher? 80%? 100%? That's the comparison I'm
On Jul 30, 2006, at 4:37 PM, jdow wrote:
From: John Rudd [EMAIL PROTECTED]
On Jul 26, 2006, at 5:23 PM, jdow wrote:
I am a bit of a heretic in this group because I take the nasty step
of taking rules that are almost always right (one error per thousand
or more hits) and make sure the score
On Jul 30, 2006, at 5:18 PM, jdow wrote:
(You DO review your spam mailbox before
tossing the spam, don't you?
Sort of... what I do (at home) is:
0) MIMEDefang rejects anything that scores = 10. MIMEDefang also
rejects anything that doesn't have a PTR record, or has a PTR record
that
On Aug 1, 2006, at 9:53 AM, Theo Van Dinter wrote:
On Tue, Aug 01, 2006 at 09:24:55AM -0700, John D. Hardin wrote:
How many spams would really comeback. max 20%
There is a much lighter-weight and more global way to achieve that:
standard greylisting.
Well, until greylisting becomes enough
On Aug 1, 2006, at 12:56, Marc Perkel wrote:
I'm writing a paper that I'm submitting to an Internet Governance
Forum of the United Nations. Keeping in mind that free speech and
freedom is important, what would you change in the world to stop spam?
I'm looking for things that are actually
On Aug 1, 2006, at 13:41, Marc Perkel wrote:
Theo Van Dinter wrote:On Tue, Aug 01, 2006 at 04:07:38PM -0400,
Rosenbaum, Larry M. wrote:
A reliable DUL list would be good. If it were possible to determine
if
an incoming STMP connection were coming from a server or an end user,
that
On Aug 1, 2006, at 14:06, John Rudd wrote:
5) Require ISP's to channel their customer's email through their own
mail servers (which will have some impact upon SPF tracking as well)
and not allow any non-business customers, nor any dynamic customers
(business or commercial), to directly
1) use Martin Blapp's OCR plugin/patch for SA. feed data to bayes.
http://antispam.imp.ch/patches/patch-ocrtext
2) to combat the images with subtle differences, develop a checksum
method that ignores the lower (3 or 4 bits? out of 8 bits) of each
color channel. That way you get what is
On Aug 1, 2006, at 18:16, John D. Hardin wrote:
On Tue, 1 Aug 2006, John Rudd wrote:
Not directly stopping spam, but helping to close holes that are
manipulated by spammers, and make it easier to track them:
1) Require Virus Scanning on all SMTP transactions, on the recipient's
side
On Aug 1, 2006, at 6:31 PM, John Rudd wrote:
On Aug 1, 2006, at 18:16, John D. Hardin wrote:
On Tue, 1 Aug 2006, John Rudd wrote:
Not directly stopping spam, but helping to close holes that are
manipulated by spammers, and make it easier to track them:
1) Require Virus Scanning on all
On Aug 1, 2006, at 6:54 PM, John D. Hardin wrote:
On Tue, 1 Aug 2006, jdow wrote:
From: Marc Perkel [EMAIL PROTECTED]
Allowing IMAP/POP to Send Email
Nonsense.
...is there an echo in here? ;)
Having also said the same thing ... Doesn't part of Microsoft's
extension to IMAP
On Aug 1, 2006, at 8:55 PM, Loren Wilton wrote:
2) to combat the images with subtle differences, develop a checksum
method that ignores the lower (3 or 4 bits? out of 8 bits) of each
color channel. That way you get what is essentially a very high
Won't work. White on black and black on
On Aug 1, 2006, at 9:32 PM, John D. Hardin wrote:
On Tue, 1 Aug 2006, John Rudd wrote:
On Aug 1, 2006, at 6:54 PM, John D. Hardin wrote:
On Tue, 1 Aug 2006, jdow wrote:
From: Marc Perkel [EMAIL PROTECTED]
Allowing IMAP/POP to Send Email
Nonsense.
...is there an echo in here
On Aug 1, 2006, at 10:24 PM, John Andersen wrote:
Direct deliver is not evil, and the current fad of blocking DHCP
assigned
IPs had not cut down on spam one little bit.
It actually blocks a ton of spam in my world.
On Aug 1, 2006, at 10:30 PM, Derek Harding wrote:
John Rudd wrote:
Um, how exactly will they fail?
How about a nice black white speckled image with red text on it?
Explain to me how you think it will fail?
On Aug 1, 2006, at 11:58 PM, Derek Harding wrote:
John Rudd wrote:
On Aug 1, 2006, at 10:30 PM, Derek Harding wrote:
John Rudd wrote:
Um, how exactly will they fail?
How about a nice black white speckled image with red text on it?
Explain to me how you think it will fail?
So you're
On Aug 2, 2006, at 12:12 AM, Benny Pedersen wrote:
On Wed, August 2, 2006 06:11, John Rudd wrote:
white will produce (assuming 24bit color) f0,f0,f0 and black will
produce 00,00,00. Thus, you get a nice high-contrast image for
feeding
just for clearness white is ff, ff, ff
yes, white
On Aug 2, 2006, at 12:25 AM, jdow wrote:
From: Derek Harding [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Hi,
a friend of mine is using outlook stationary with a logo.
This would hit the rule ... I am not sure whether many senders do
that, however
Stationery and image sig files are the two
On Aug 2, 2006, at 2:23 AM, MennovB wrote:
John Andersen wrote:
The very trouble we are in with spam is caused by the fact that
spammers can hide behind several layers of ISPs and forwarders.
The very thing you suggest is the solution IS THE PROBLEM!.
I guess you get different spam then
On Aug 2, 2006, at 3:03 AM, Matthias Keller wrote:
will it not be much faster just to make a md5 sum on the image file
without
thinking if it a appel or orange ? :-)
Yes, but just taking a straight sum will be sensitive to all of those
small pixels which are changed by the spammers so that
On Aug 2, 2006, at 5:21 AM, Jim Maul wrote:
John D. Hardin wrote:
On Tue, 1 Aug 2006, Theo Van Dinter wrote:
Except now you've also delayed your valid mail by 30 minutes or an
hour which sucks (and is sometimes completely unacceptable).
Repeat after me: Email is a non-guaranteed, Best
On Aug 2, 2006, at 1:09 PM, Zinski, Steve wrote:
I use SpamCop to report my spam.
I use the SpamHaus RBL as a first line of defense then I use
SpamAssassin to catch the rest of the spam coming to my server.
Am I wasting my time? Should I just delete low-scoring spam and let the
honeypots
On Aug 2, 2006, at 1:26 PM, Marc Perkel wrote:
If SMTP becomes a server to server protocol then it will wipe out
consumer virus infected spam zombies. It's not going to get rid of all
spam - just most of it.
It will wipe out the _existing_ spam zombies. Then the zombies will
adapt to using
On Aug 2, 2006, at 3:40 PM, jdow wrote:
From: John Rudd [EMAIL PROTECTED]
On Aug 2, 2006, at 1:26 PM, Marc Perkel wrote:
If SMTP becomes a server to server protocol then it will wipe out
consumer virus infected spam zombies. It's not going to get rid of
all spam - just most
On Aug 3, 2006, at 11:16 PM, [EMAIL PROTECTED] wrote:
From: Kenneth Porter [EMAIL PROTECTED]
--On Wednesday, August 02, 2006 12:02 PM -0700 MennovB
[EMAIL PROTECTED]
wrote:
Anyway, IMHO with SYN throttle you would only be rate-limiting the
zombies, I would rather they stopped sending
righting? is that the opposite of wronging? :-)
On Aug 9, 2006, at 7:19 PM, jdow wrote:
I've been noticing that this seems to be cropping up in an awful lot
in the righting committed by younger folks. It contributes to the
impression that even college graduates these days are functionally
1 - 100 of 466 matches
Mail list logo