New Zealand ADSL Mailing List


RE: Increasing spam from NZ ADSL hosts

From: Craig Whitmore <lennon_at_orcon.net.nz>
Date: Mon, 14 Jun 2004 20:57:07 +1200
Message-Id: <200406140856.i5E8uREK032397@dbmail-mx4.orcon.co.nz>

>
> The problem is not that it was in German. The problem is that the format
> was very standard and did not use any of the usual spammers tricks.
> Most modern spam checkers do not rely overly much on the content of the
> message body, instead they get a lot of information from the headers and
> rbls.
>
> In this case none of the relays were in rbls and the headers looked very
> ordinary in fact the only odd thing about the emails is that they were
> in German.
>

I must disagree with this. Most Modern Spam Checkers use the entire message
including headers to work out if it's a spam or not. Spamassassin for
example will use the content of the messages and the headers information is
a large number of ways (Bayes (not very good implementation of it), RBL's,
Key Words in Body etc) and will get ~95% if setup right.

IMHO Spam Checkers which use "rules" are such a huge hassle to keep up to
date (A good example was the German Spam, which a rule was quite easily
written.. what happens next time when the Message-ID line is valid, it just
won't find it). You have to keep your rules up to date, change them. Add
them to keep up with the different ways people are sending spam.

Statistical systems like raw crm114 and bayesian etc are really the only way
of stopping spam these days, and they learn %*&*^% fast what spam is.(as
long as you use them correctly). For example feeding only like 30-40 of the
German Spams, the bayesian system I am using at the moment started finding
100% of the spams.

Most ISP's have "Anti-Spam" systems these days, and some are good, and some
just don't work very well. (I've found that the commercial ones that some
ISP's use are a lot worse that the open source ones) (85% correct on 1
commercial anti-spam system I looked at upto 99.9% correct with some very
nice opensource software)

Thanks
Craig 

-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message
Received on Mon Jun 14 20:57:28 2004

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:31 2006 EST