David Cantrell writes:>>I already block mail from a rather large number of IPs before mail even reaches spamassassin, but have recently been thinking about blocking ASes instead of IPs.
It does look very interesting. I'd be keen to see results ;)I found this: http://zgp.org/linux-elitists/[EMAIL PROTECTED] which gives a bit of background info on why this might be useful, and ways of getting at the necessary data.
Analysing a few hours worth of spam (from before I started aggressively filtering by IP) with a hokey shell script spits out lots of Chinese and Korean ASes, plus Roadrunner, SBC, PSINET, Rogers Cable, Verio - the usual suspects. My script was too crude to produce reliable numbers.
I wonder what we could use this for -- Bayes tokens?
I am very conservative about my mail handling, and I don't think I trust Bayes enough for this yet. When Bayes misclassifies as spam stuff from a message body the damage is minor. If Bayes misclassified an AS, mail from huge chunks of the internet could be affected, regardless of content. Which would be bad.
-- David Cantrell | http://www.cantrell.org.uk/david
Educating this luser would be something to frustrate even the
unflappable Yoda and make him jam a lightsaber up his arse
while screaming "praise evil, the Dark Side is your friend!".
-- Derek Balling, in the Monastery
