On Wed, Oct 02, 2002 at 05:26:23PM +1200, Simon Lyall wrote:
Because I thought he would go away after the first day. Also we very much avoid blocking email to customers.
Except the domain is bogus... how much legitimate email do you get bogus domains and how much spam do you get with bogus domains?
People do not accept their email being blocked and get VERY paranoid if they think email is not getting through. Dropping people's email to the floor is not an option in an ISP situation.
Except here the domain is bogus and it clearly wasn't email (it was spam).
w.r.t RBLs we use them as part of our anti-spam service, useful ones include bl.spamcop.net and kr.cluecentral.net and cn.cluecentral.net.
I found that there was still plenty of spam coming using various RBLs and that the false-positive rate is too high. So I started trying to think of ways to put the spam I get to use.
What software are you using for filtering? Some sort of Bayesian type thing?
Originally is was something I made up, then I tried a pseudo-Bayesian filter (based on the now infamous Paul Graham article). I then decided to do it a little differently as I wanted to do things that present tools didn't allow such as: word aging, different treatment of header and body tokens, pseudo-canonicalization of HTML text and attachments (ie. don't use HTML tags raw, actually tread what would be rendered "kinky" in red as "kinky" and "c/RED:kinky" so that not only is the word "kinky" going to count here as a bad word, it will doubly count if in HTML it would be rendered in red. As a side-effect, I decode attachments so that if the body is text but base64 encoded, I pull out the decoded tokens and am ignorant to the encoded type. On top of that, I get spam from various sources and teach it with that in the hopes that if a burst of messages is going about, one of the traps will see it first and increase the likelihood of catching it when it is actually sent to me. Now, this assume that any spam sent to me will also be sent to others, many others, and that it will look somewhat like previous spam email messages I have gotten --- but so far, that seems, to be a reasonable guess. I can think of other things to do aswell, but I've gotten bored with it :) --cw - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog