[Mimedefang] Anyone seeing sneaky spam?
Keith Patton
kpatton at dallas.photronics.com
Mon Mar 24 12:15:01 EST 2003
Idea!!
Is there a way to do a reverse dns lookup on the negative scores? The
spammers may try to say they are from a legimate place but they can't steal
ip numbers from a legimate place.
for example, if they say they are from ebay.com, well if we reverse their
ip address it won't reverse to ebay.com domain, they won't get the high
negative score.
thoughts?
-Keith
"David F. Skoll" wrote:
> On Mon, 24 Mar 2003, Whatley, Lee (CBA) wrote:
>
> > What types of things are getting put in that generate the negative
> > scores?
>
> Well, I don't want to help spammers out too much. :-)
>
> Take a look at the 50_scores.cf file for some of the larger negative
> rules. It doesn't take much imagination to go from there...
>
> > If it is header information couldn't MIMEDefang make sure this
> > is stripped out before SA gets ahold of it?
>
> Unfortunately, there's no way to know if the information is legitimate
> or put in there to fool SA. I expect the score weights will be quite
> different next time the SA team releases the results of the genetic
> algorithm on a "modern" spam corpus.
>
> For now, I'm considering zeroing out some of the negative-weight scores.
>
> --
> David.
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kpatton.vcf
Type: text/x-vcard
Size: 304 bytes
Desc: Card for Keith Patton
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20030324/2df8a88b/attachment.vcf>
More information about the MIMEDefang
mailing list