spam after mailscanner what next? {Scanned}

Glenn Steen glenn.steen at gmail.com
Tue Oct 10 13:48:34 IST 2006


On 10/10/06, Henry Hollenberg <hgh at rcwm.com> wrote:
> Hey gang,
>
>
> My mailscanner install is working very well, thanks to all on the list.
>
> I have noticed a couple of categories of remaining SPAM (i.e. looks_like_spam_to_me) that are getting thru:
>
> 1) probably valid companies that would honor a request for removal from their mailing lists.
>
> 2) dictionary attacks designed to beat the Bayesian engine/db.
>
>
>
> Number 1:
> I plan on cautiously contacting the lists I identify in #1 after manually screening them
> for controlling DNS authority and double checking them on the SPAM lists.  Does this
> sound reasonable?  Does anyone have a better way to handle these?
>
> Number 2:
> Have no idea how to attack these other than submitting them to spamcop or some such.
>
>
> Here is an example of this stuff:
>
> was the bass heavy style of Bob Marley's new age reggae that allowed him the access to the people. He abandoned the classic stylewas the bass heavy style of Bob Marley's new age reggae that allowed
> him the access to the people. He abandoned the classic style
>   while living, Bob Marley continues to influence people 25 years after his death (African Service News). His music and lyrics worked
> "If you know your history/ Then you would know where you coming from/ Then you wouldn't have to ask me/ Who the 'eck do I thinkThere are hundreds of thousands of people screaming for you on stage. The
> Prime Minister and leader of the opposition sit in the
>
>
> This stuff seems to do a pretty good job of defeating Bayesian, but it's funny, it's instantly recognizable to me as SPAM.

Usually there is some kind of image (or similar unwanted content)
involved with these... They are pointless by themselves (as you've
noted:-). Did you set up ImageInfo or FuzzyOcr (SA plugins)?
Also, if someone has "washed away" the offending image/attached file,
you get this type of .... crap. And then there are the broken spams...
where the payload is simply missing due to spammers being klutzes:).
I'm sure there are some nice rules out there to detect those... Look
at www.rulesemporium.com ...

> Maybe I need to set up a CRAY in my garage with some AI software to catch this stuff.
Crays are overrated... Made a good sofa once upon a time though:-).

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
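
Added example, not part of the original post and not MailScanner or SpamAssassin code: a small triage script that sorts missed-spam samples into the cases the reply describes (filler text with an image attached, versus filler text whose payload is stripped or missing). The function names, the 15-word threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://|www\.", re.I)
MIN_FILLER_WORDS = 15  # assumed threshold for "a paragraph of filler text"

def triage(raw):
    """Return (verdict, stats) for one raw RFC 822 message string."""
    msg = message_from_string(raw, policy=policy.default)
    stats = {"images": 0, "image_bytes": 0, "urls": 0, "words": 0}
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        if part.get_content_maintype() == "image":
            stats["images"] += 1
            stats["image_bytes"] += len(part.get_payload(decode=True) or b"")
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_content()
            stats["urls"] += len(URL_RE.findall(body))
            stats["words"] += len(body.split())
    if stats["images"]:
        verdict = "image-payload"  # candidate for image/OCR checks
    elif stats["urls"]:
        verdict = "link-payload"   # the text carries a link
    elif stats["words"] >= MIN_FILLER_WORDS:
        verdict = "no-payload"     # stripped or broken: filler text only
    else:
        verdict = "other"
    return verdict, stats

def build_sample(text, image=None):
    """Build a constructed sample message (not real spam)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(text)
    if image is not None:
        m.add_attachment(image, maintype="image", subtype="gif", filename="x.gif")
    return m.as_string()

# Filler text taken from the sample quoted in the thread.
FILLER = ("was the bass heavy style of Bob Marley's new age reggae that allowed\n"
          "him the access to the people. He abandoned the classic style")

if __name__ == "__main__":
    for raw in (build_sample(FILLER, b"GIF89a" + b"\x00" * 64),
                build_sample(FILLER),
                build_sample(FILLER + "\nsee www.example.invalid")):
        print(triage(raw))
```

The "no-payload" verdict also matches ordinary plain-text mail, so this is only meant for sorting messages a person has already judged to be spam, not for scoring live traffic.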

