Jim,

Not at this time. The two processes are entirely different. The False
Positives process is highly interactive. The standardized responses
were implemented to allow for some automation on both sides.

Spam submissions are always treated as anonymous for security reasons
and also because of the volume. At one point today we were processing
5000 spam per hour. At those rates it is not practical to respond to
each submission.

Advanced features near V4 (some time in the future) will allow us to
handle some spam submissions specifically for a particular license ID
--- so there are some plans for this later on. However, for the short
and medium term all spam submissions will remain anonymous.

If you have a chronic spam for which you would like a local black rule
added then you should send a zip'd copy to support@ along with your
requests. We will help you adjust your rulebase accordingly. For
example, some relatively closed systems are able to use broad rules
for certain character sets, file attachment types, or other features
to eliminate messages they simply will never see in practice.

_M

On Wednesday, February 15, 2006, 4:40:50 PM, Jim wrote:

JMJ> Pete,
JMJ> Is there any way to get an automatic response similar to the one listed below
JMJ> for the FP address, but for submissions to your spam@ address?  It would be
JMJ> nice to get some feedback when submitting spam.

JMJ> Jim Matuska Jr.
JMJ> Computer Tech2, CCNA
JMJ> Nez Perce Tribe
JMJ> Information Systems
JMJ> [EMAIL PROTECTED]

JMJ>  


JMJ> -----Original Message-----
JMJ> From: [EMAIL PROTECTED]
JMJ> [mailto:[EMAIL PROTECTED]
JMJ> On Behalf Of Pete McNeil
JMJ> Sent: Wednesday, February 15, 2006 1:28 PM
JMJ> To: Kevin Rogers
JMJ> Subject: Re: [sniffer] False Positives

JMJ> On Wednesday, February 15, 2006, 3:54:50 PM, Kevin wrote:

KR>> My users have been getting a lot of FPs by Sniffer lately.  They send me
KR>> the email with the FULL HEADERS displayed and I forward this email on to
KR>> SortMonster.  The program they use to analyze incoming submissions checks
KR>> MY email headers, determines that SNIFFER was not at fault and sends me
KR>> back an email saying it didn't find any flags.

JMJ> Just to clarify a bit, here is the standard response you're probably
JMJ> talking about:

JMJ> [FPR:0]

JMJ> The message did not match any active black rules as submitted. The rules
JMJ> may have been modified or removed. If you provide matching log entries
JMJ> from your system then we can research this further.

JMJ> Note that sometimes our false processing system may not identify the
JMJ> rules that matched this message on your system due to changes in the
JMJ> submitted content that might occur during the forwarding process.

JMJ> Please also be sure you are running the latest version, that your
JMJ> rulebase file is up to date, and that you do not have any unresolved
JMJ> errors in your Sniffer log file. Bug fixes in newer versions may resolve
JMJ> false positive issues or reduce the risk of false positives through
JMJ> enhanced features and new technologies. Certain errors in your log file
JMJ> may indicate a corrupted rulebase.

JMJ> ---

JMJ> The software we use to scan false positive submissions is a version of
JMJ> SNF that includes every rule we have in our system. If the message
JMJ> does not match any of these rules, MOST of the time it means that the
JMJ> rule has been removed already.

JMJ> If that is not the case, then the next step is to provide matching log
JMJ> entries. On some systems this is not necessary because the headers may
JMJ> already contain SNF x-header data that shows the rules involved.

JMJ> This process is not intended to make things difficult, but to save
JMJ> time. The majority of the time, our local scanner will identify the
JMJ> rule or rules in question and we will respond accordingly.

JMJ> When that is not the case we simply need more data to move forward
JMJ> with the investigation.

JMJ> Usually, when a rule is still in the system and it does not match a
JMJ> false positive submission it is because the original message was
JMJ> altered during the forwarding process or that some condition of being
JMJ> attached has prevented the scanner on this end from reproducing the
JMJ> result you had on your system.

JMJ> Hope this helps,

JMJ> _M



JMJ> This E-Mail came from the Message Sniffer mailing list. For information and
JMJ> (un)subscription instructions go to
JMJ> http://www.sortmonster.com/MessageSniffer/Help/Help.html





