false positives on rule "FM_RATSIGN_1106" and what to do?

[Glenn Steen]

On 30/05/07, Chris Yuzik <itdept at fractalweb.com> wrote:
> Hugo van der Kooij wrote:
> > Just out of curiosity. What is the significance of this particular
> > message ID or this difference in timezones? I have to admit I get a
> > shitload of spam from the USA and some of the US states are -7 hours
> > from my timezone. But I fail to see the logic of this construct at the
> > moment.
> Hugo,
>
> I agree with you. Why is spam being tagged based on the time zone of the
> sender and part of the message ID? How exactly does this become part of
> the fingerprint in the first place?
>
> Chris

I'm in no way responsible for that rule (not even remotely:-), but I
can well guess that someone very frustrated noticed that all that
untagged spam was a) from the american west coast (or is that just
"off the coast" normally? .cx etc?), and b) seemed to have similar,
possibly forged, Message-IDs... Perhaps not reflecting over the amount
of computers in that part of the world (huge) and the amount of less
than well maintained Windoze boxes in that area (still huge, I
reckon:-).

So ... that way you could easily end up with rules that are more or
less insane:-D. Especially insane to use if one happen to be in that
area:P.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se