cancel
Showing results for 
Search instead for 
Did you mean: 

Obvious Spam

N/A

Obvious Spam

Can someone explain why PlusNet is not able to detect as Spam messages with obvious keyswords like Viagra and clearly obscene pahses work is able to class the innocuous messaged as Spam? see examples belows (names and emails replaced by XXXX

The content below is not Spam according to Plusnet filters:
Men with big dicks are more successful in life than the ones with small dicks. So be successful with




The content below IS Spam according to your filters

Thanks xxxx - I will add your name to the growing list of support- and I will keep you informed, xxxxxx
----- Original Message -----
From: xxx xxxxxx
To: xxxxxxxx@xxxx.gov.uk
Sent: Tuesday, July 17, 2007 9:16 PM
Subject: [SPAM] Cycle Path to xxxxx


In response to your note in the Lower Dever News, I would like to express an interest in a cycle path from South Wonston alongside the A33/A34 to Winnall, especially if it could also link with the cycle route from Kings Worthy into the city centre. The first part of this route (from South Wonton to King's Worthy) could be provided by upgrading (i.e. tarmacing) the old railway line.

In addition off road cycle path from xxxxxx to the city in vincinity of the station also be very useful as the amount of traffic on the old A34 (from/to South Wonston) and Andover road to the Three Maids Hill roundabout make this cycle journey risky.
6 REPLIES
Community Veteran
Posts: 3,364
Thanks: 15
Registered: 06-04-2007

Obvious Spam

If your e-mail client allows you to see 'Full Headers', it is probably a menu option you select whilst viewing an e-mail, it will contain a line called "X-DSPAM-Factors:" and following that you will see the random junk it used to decide if the message is /not SPAM.

DSPam is using far, far too much information from the e-mail headers rather than the message body. Sad

SW.
--
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed
N/A

Obvious Spam

Quote
DSPam is using far, far too much information from the e-mail headers rather than the message body. Sad
I agree - DSPAM is identifying terms such as
PN+VirusFiltered, 0.99000

which many emails originally received by PlusNet customers will contain. It needs a bit more tweaking and input from PlusNet staff to discount these keywords.
Community Veteran
Posts: 2,822
Thanks: 153
Fixes: 2
Registered: 05-04-2007

Obvious Spam

Firstly, I know hardly anything about spam filtering and DSpam.

Just wanted to say that the filtering solution on my hosting company (and I don't know what techology it is), I like because it gives a list of rules and an indication as to why something is classified as spam for example:

Quote
Content analysis details: (23.5 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
1.0 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
2.1 RCVD_FORGED_WROTE2 RCVD_FORGED_WROTE2
4.4 RCVD_FORGED_WROTE Forged 'Received' header found ('wrote:' spam)
4.5 FH_MSGID_XXBLAH Common sign in msg-id's 12/21/2006
3.1 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
0.0 T_TVD_FW_GRAPHIC_ID1 BODY: T_TVD_FW_GRAPHIC_ID1
0.0 HTML_MESSAGE BODY: HTML included in message
2.6 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words
2.5 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
2.4 PART_CID_STOCK Has a spammy image attachment (by Content-ID)
0.8 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image

and
Quote
Content analysis details: (9.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
4.2 MID_DEGREES MID_DEGREES
1.9 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
0.0 HTML_MESSAGE BODY: HTML included in message
2.8 DRUGS_STOCK_MIMEOLE Stock-spam forged headers found (5510)

It's not perfect, certainly some spam I get (about 20-25%) doesn't get tagged .. but I think I've only seen one false positive.

(Actually I've just looked in the headers and it seems to be SpamAssassin 3.2.0).
Liam
Grafter
Posts: 2,083
Registered: 04-04-2007

Obvious Spam

I'm passing all this feedback through to our networks team.

Tomorrow, we'll be starting our trial of third party hardware which can be used to block and/or tag spam. When it initially goes live, it won't actually be in an active state - and mail will just passthrough. We'll have it analysing though, in preparation for running it as a trial.
Liam
Grafter
Posts: 2,083
Registered: 04-04-2007

Obvious Spam

One of our Networks guys recognises that filtering as SpamAssasin, hunthome. We used that some time back, but with the volume of mail we handle now it just can't cope - and it doesn't scale very well.

To work out how our dspam filtering works, take a read of this : http://www.process.com/precisemail/bayesian_filtering.htm

Unfortunately, it's mathematics... and will never get to be 100% accurate. We can only continually train it to help the spam filters get as accurate as possible.

Spammers are, unfortunately, getting to be just as good to get around the bayes filtering.

The criticalpath trial will give us an oppertunity to try a different method of spam filtering and see how it works in our platform.
alanPN
Grafter
Posts: 27
Registered: 01-08-2007

Obvious Spam

I haven't had an answer to a previous post yet - are you using the A1200 or C2000 version of your new hardware?