Unmarked SPAM - very obvious
31-08-2007 9:57 PM
My own SpamAssassin rated it as a score of 27, where under 5 is not spam.
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on myth.fishter.org.uk
X-Spam-Level: ***************************
X-Spam-Status: Yes, score=27.2 required=5.0 tests=BAYES_99,FH_HELO_EQ_D_D_D_D,
HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR2,NORMAL_HTTP_TO_IP,
RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,
STOX_REPLY_TYPE,TVD_FINGER_02,URIBL_BLACK,URIBL_JP_SURBL autolearn=spam
version=3.2.3
X-Spam-Report:
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE
* 2.1 TVD_FINGER_02 TVD_FINGER_02
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* 4.3 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
* 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
* 2)
* 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
* 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?74.135.102.144>]
* 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
* [74.135.102.144 listed in dnsbl.sorbs.net]
* 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [74.135.102.144 listed in zen.spamhaus.org]
* 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* 0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
* 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
* above 50%
* [cf: 60]
* 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
* [cf: 60]
* 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: 91.104.40.177]
* 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: 91.104.40.177]
Received: from myth.fishter.org.uk (myth.fishter.org.uk [127.0.0.1])
by myth.fishter.org.uk (8.13.8/8.13.8) with ESMTP id l7VJn9ml010244
for <xx@xx>; Fri, 31 Aug 2007 20:49:13 +0100
X-Daemon-Classification: INNOCENT
Envelope-to: xx@xx
Delivery-date: Fri, 31 Aug 2007 18:35:58 +0000
Received: from mail.plus.net [212.159.10.1]
by myth.fishter.org.uk with POP3 (fetchmail-6.3.6)
for <xx@xx> (single-drop); Fri, 31 Aug 2007 20:49:13 +0100 (BST)
Received: from 74-135-102-144.dhcp.insightbb.com ([74.135.102.144])
by pih-sunmxcore09.plus.net with smtp (PlusNet MXCore v2.00) id 1IRBLZ-0005RP-ER
for xx@xx; Fri, 31 Aug 2007 18:35:57 +0000
Received: from lsbjg.on ([212.90.64.224]) by 74-135-102-144.dhcp.insightbb.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 31 Aug 2007 13:45:10 -0500
Message-ID: <002f01c7ebff$0edc3990$e0405ad4@lsbjg.on>
From: <yy@yy>
To: <xx@xx>
Subject: dude this is not even on MTV yet
Date: Fri, 31 Aug 2007 13:45:10 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="windows-1252";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
x-open-relay: 74.135.102.144 is in a black list at bl.spamcop.net
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Fri Aug 31 19:35:58 2007
X-DSPAM-Confidence: 0.5697
X-DSPAM-Improbability: 1 in 133 chance of being spam
X-DSPAM-Probability: 0.0000
X-DSPAM-Factors: 27,
Delivery-date*31+Aug, 0.00759,
Date*Fri+31, 0.00863,
To*fishter.org.uk>, 0.99000,
Received*fishter.org.uk, 0.99000,
Received*45+10, 0.01000,
Received*10+0500, 0.01000,
Envelope-to*fishter.org.uk, 0.99000,
my+server, 0.01000,
Date*31+Aug, 0.01169,
Received*0500, 0.01761,
Received*31+Aug, 0.02679,
Received*31+Aug, 0.02679,
Received*45, 0.03809,
server+This, 0.03832,
Received*13+45, 0.04430,
Received*31, 0.07800,
Received*31, 0.07800,
Click+on, 0.08310,
server, 0.08790,
x-open-relay*is, 0.91095,
x-open-relay*a, 0.91095,
x-open-relay*black+list, 0.91095,
x-open-relay*list, 0.91095,
x-open-relay*bl.spamcop.net, 0.91095,
x-open-relay*at, 0.91095,
x-open-relay*at+bl.spamcop.net, 0.91095,
x-open-relay*black, 0.91095
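An added example, not part of the original post: it parses the X-Spam-Report lines from the header above and totals the SpamAssassin score per rule family, to show how much of the 27.2 comes from checks that need no per-user training. The family grouping by rule-name prefix is an assumption of this example, and rule descriptions are trimmed.

```python
import re

# Rule lines copied from the X-Spam-Report header in the post above
# (descriptions trimmed; one wrapped continuation line kept on purpose).
REPORT = """\
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* 0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE
* 2.1 TVD_FINGER_02 TVD_FINGER_02
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* 4.3 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
* 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
* 2)
* 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
* 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
* 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* 0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
* 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
* 0.5 RAZOR2_CHECK Listed in Razor2
* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
* 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
"""
REQUIRED = 5.0  # "required=5.0" in X-Spam-Status

RULE_RE = re.compile(r"^\*\s+(-?\d+\.\d+)\s+([A-Z0-9_]+)\b")
# Prefix-to-family mapping: an assumption of this example, not SpamAssassin's.
FAMILIES = (("BAYES_", "bayes"), ("RCVD_IN_", "dnsbl"), ("RAZOR2_", "razor"),
            ("URIBL_", "uribl"), ("HELO_", "helo/rdns"),
            ("FH_HELO_", "helo/rdns"), ("RDNS_", "helo/rdns"))

def parse_report(text):
    # Wrapped detail lines such as "* 2)" do not match and are skipped.
    return {m.group(2): float(m.group(1))
            for m in map(RULE_RE.match, text.splitlines()) if m}

def family(rule):
    return next((f for prefix, f in FAMILIES if rule.startswith(prefix)), "other")

def by_family(rules):
    totals = {}
    for name, score in rules.items():
        totals[family(name)] = totals.get(family(name), 0.0) + score
    return {fam: round(total, 1) for fam, total in totals.items()}

def score_without(rules, *families):
    # Total score with the named rule families switched off.
    return round(sum(s for n, s in rules.items() if family(n) not in families), 1)
```

With the Bayes rule removed the message still scores 23.7, and the HELO/rDNS checks alone (8.8) exceed the 5.0 threshold.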
Re: Unmarked SPAM - very obvious
31-08-2007 10:36 PM
Re: Unmarked SPAM - very obvious
31-08-2007 11:47 PM
To my mind, any spam detection solution that notes that the mail came from an open relay and is still only 1 in 133 chance of being spam is broken.
I've already forwarded the mail to the training address and it's been "learnt" by my own spam solution. I'm just trying to do as much as possible to stop the ever-rising tide of rubbish that we seem to collect in our inboxes, whether it's our own careless fault or the result of malicious attacks like the one PlusNet suffered.
Re: Unmarked SPAM - very obvious
01-09-2007 6:24 AM
Quote from: linux Spam filters are not 100% reliable. Nor will they ever be. Nor can they ever be.
No, but they certainly can do considerably better than the PN spam system, which barely scrapes 60% accuracy. The OP's query seems quite fair to me.
Quote from: linux Deal with it.
Bit harsh perhaps? We do all deal with it on a daily basis, usually more than once a day. Which tends to reinforce the opinion that spam filtering of PN mail is very much less accurate than the average, particularly in regard to false positives.
Re: Unmarked SPAM - very obvious
01-09-2007 9:51 PM
The open relay tag isn't actually used as part of the determination; it's in the mail header as a piece of legacy information from when it was used. Dspam will pick up on it and use it as one or more of the factors.
It's always difficult running spam filtering on a userbase where there's this many users; we have in excess of a million mailboxes. Spam filtering will often work better on a local level because it will base the spam detection and learn from just the mail that you get, whereas the filtering we do is based on learning from mail sent in by a limited selection of customers, so there are no guarantees that it will learn that the spam you are getting is spam (or not spam as the case may be) as quickly. A local filter you can stick three spams in and it will pick up straight away any more are spam, but three out of the thousands that are sent to the spam address may not be learnt.
I sometimes think that the best way of filtering spam is for everyone to run a local spam filter, maybe something that reminds me of how the TV ratings are calculated. A sub-section of customers all run local spam filtering using SpamAssassin or similar and train their local clients with the spam/not spam and their results are collated hourly/daily to use on the customer base as a whole. I've no idea if that could work, but what do you think? You're determining the spam of a million customers based on the spam of say 500; you can still have the spam/not spam addresses for everyone to use.
Enterprise Architect - Network & OSS
Plusnet Technology
Re: Unmarked SPAM - very obvious
01-09-2007 10:54 PM
I enabled f9 spam filtering a few weeks ago and my 'customers' are really noticing the difference.
I could have taken all the glory for easing their lives but I confessed.
It makes more work for me checking for false positives cleaning the spam box two or three times a day but that's life.
I did have reservations about it when first announced but now I find it well worth while.
Dick
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Re: Unmarked SPAM - very obvious
03-09-2007 4:49 PM
I think it sounds like a good idea. However, I think it's already been implemented in Razor. It's a collaborative database of spam.
Re: Unmarked SPAM - very obvious
03-09-2007 6:40 PM
Enterprise Architect - Network & OSS
Plusnet Technology
Re: Unmarked SPAM - very obvious
04-09-2007 9:42 AM
Plusnet could even run their own DCC server to allow flooding of checksums to other servers and help the worldwide spam problem - I'm sure you guys process enough messages to qualify.
Maybe two suggestions for PugIT?
B.
Re: Unmarked SPAM - very obvious
04-09-2007 4:15 PM
Quote from: Barry Maybe two suggestions for PugIT?
Thanks for this suggestion. I've noted the two filtering suggestions in the PUG forums (here) with a view to adding this as a PUGIT issue.
David
Re: Unmarked SPAM - very obvious
04-09-2007 11:01 PM
Better to work on reputations for legitimate email sources?
Re: Unmarked SPAM - very obvious
05-09-2007 8:31 AM
Quote from: MrToast But if these check sum schemes started to have effect the SPAMers would just use the ever increasing botnet processing power to generate more diverse content.... wouldn't they.
Spammers are already working on generating more diverse content. I would suggest this would be "one more string to the fiddle" in the anti-spam solution.
Quote from: MrToast Better to work on reputations for legitimate email sources?
Again - the "one more string" theory
B.
Re: Unmarked SPAM - very obvious
05-09-2007 8:46 AM
Quote from: fishter @Dave
I think it sounds like a good idea. However, I think it's already been implemented in Razor. It's a collaborative database of spam.
I'm glad Razor has already come up. I use a webmail client that has fantastic spam filtering - had a look at some of the headers yesterday and noticed that the filtering was from Razor. I hadn't got around to mentioning it to anyone yet.
/slaps own wrist
It's definitely one to look at.