<?xml version="1.0" encoding="UTF-8"?>

<rss version="2.0"
 xmlns:blogChannel="http://backend.userland.com/blogChannelModule"
>

<channel>
<title>Topic &#x27;methodology of anti-spam software&#x27; in forum &#x27;Scam and Phishbusters&#x27; - dslreports.com</title>
<link>http://www.dslreports.com/forum/methodology-of-antispam-software-14103465</link>
<description></description>
<language>en</language>
<pubDate>Thu, 24 Mar 2022 20:22:11 EDT</pubDate>
<lastBuildDate>Thu, 24 Mar 2022 20:22:11 EDT</lastBuildDate>

<item>
<title>Re: methodology of anti-spam software</title>
<link>http://www.dslreports.com/forum/Re-methodology-of-antispam-software-14150608</link>
<description><![CDATA[rchandra posted : My "antispam", such as it is, is Sendmail + some of my own custom rulesets + MIMEDefang.  My custom rulesets will flag you (used to outright reject) if your EHLO/HELO doesn't resolve, will tempfail you if you don't have a PTR record, won't accept just a dotted quad for HELO/EHLO (unless you a.) have a PTR record and the last two components match the envelope sender's last two domain components, or b.) you are (unfortunately) on my exceptions list), and won't accept a HELO/EHLO of a receiving domain (silly little bastards trying to tell me they're me...).  All this is bypassed if you authenticate as one of my domain users (even my internal MTAs are configured to authenticate to my Internet-facing Sendmail).  MIMEDefang does a marvelous job of whacking down not only various nasty attachments but also those almost-always-annoying duplicate HTML parts.  MIMEDefang's main strength for spam-stopping is using its feature that's meant to query other MTAs for existence of domain users: doing a little SMTP transaction.  I use this to verify the envelope sender.  THAT one tends to knock down A LOT of spam.  But naturally, just like any other antispam measure, unfortunately THAT needs an exception list too.<br><br>And then of course for me personally, procmail screens out messages with certain subject lines with several creative variations, and quarantines anything not sent to me (one of my addresses has to be specifically in the To: or Cc: line).  You also are on the outs if you try to write to me with no text/plain part (such as ONLY text/html).  It's certainly not extensive, but these measures alone, without all that Bayesian classification, deflect a lot for me.  
I see how much is rejected when I look every couple of days at my Sendmail and procmail logs, and it's dozens, sometimes hundreds, per day for me.<br><SMALL>--<br>English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.  Blog is <A HREF="http://www.philippsfamily.org/Joe/blog">here</A><BR>Jeopardy! replies REALLY suck!</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/Re-methodology-of-antispam-software-14150608</guid>
<pubDate>Tue, 16 Aug 2005 22:36:24 EDT</pubDate>
</item>
<item>
<title>Re: methodology of anti-spam software</title>
<link>http://www.dslreports.com/forum/Re-methodology-of-antispam-software-14147253</link>
<description><![CDATA[AkumalDave posted : It's not clear what - if any - anti-spam provisions your company has in place.  Therefore, it's difficult to comment on its effectiveness.<br><br>We use esoft's ThreatWall (chose the build-your-own box option) and have found it very effective at blocking spam.  There are other commercially available solutions that work similarly, but ThreatWall is the only one I've set up and configured.  It uses a multipronged approach:  verifying the apparent sender matches the IP address, checking the IP address for known open relays, checking blacklists of known spammers and, last but not least, a Bayesian filter which learns our vocabulary from both "good" and "bad" emails.<br><br>Unless one has their threshold for quarantine set extremely low (as in, 0), *some* Spam is likely to slip through.  Lots of the refinance spam, for example, scores very low on the Spam-o-meter.<br><br>It's very important that a Bayesian filter be tuned to your enterprise.  For example, we work in the Construction Industry, where the word "erection" isn't necessarily a red flag.  After our filter had interpreted a few thousand messages, our false positives are extremely low.  And we DO now have our threshold for quarantine set at zero...<br><br>BTW, your spam-recipient probably didn't "sign up for things" as much as his email address might have been in the address book of a person with an infected computer.  Or, perhaps your coworker's email address was snatched by some bot and resold along with 14 million other "opt-in" email addresses.  Or, it could be easily "guessed" by a random generator.<br><br>I'm not saying that the user is never at fault in these situations.  However, it is quite difficult to keep one's email address completely private when working with the outside world.  In other words, he probably didn't solicit the "Animal" email.  Whether or not he clicked on it is another matter ;) .<br><br>Dave<br><SMALL>--<br>"...enjoy every sandwich..."  
Warren Zevon  1947-2003</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/Re-methodology-of-antispam-software-14147253</guid>
<pubDate>Tue, 16 Aug 2005 15:15:06 EDT</pubDate>
</item>
<item>
<title>Re: methodology of anti-spam software</title>
<link>http://www.dslreports.com/forum/Re-methodology-of-antispam-software-14103592</link>
<description><![CDATA[nevertheless posted : <div class="bquote"><SMALL>said by <a href="/profile/805156" onClick="this.blur(); return popup(event,'/uidpop?ajh=1&uid=805156');">lildevil</a>:</SMALL><br><br>but i'm curious, is it not possible for anti-spam software to filter a string of words?</DIV>Certainly it's possible to filter a string of words...but which words do I filter?  If I filter out all emails that contain the word 'cock', nobody's going to be able to email your Bangcock office, if I filter the word Viagara, they'll write it \/iagara...etc. etc.  Filtering single strings or common words works to a point, but not once the miscreants are actively trying to get around your simple filtering techniques.<div class="bquote"><SMALL>said by <a href="/profile/805156" onClick="this.blur(); return popup(event,'/uidpop?ajh=1&uid=805156');">lildevil</a>:</SMALL><br><br>or does the software work differently? i'm reading up on some posts that the software assign scores, and so on. anything i can read up as how they work? for the longest time i've been ignorant on the subject but i'm curious now. :)</DIV>Well, I'm glad you've done some research before you start asking questions, that's great.  :)<br><br>Most modern anti-spam software does work on scores.  Many have common traits that they look for, some even have known databases of what spam emails look like, and others have really smart adaptive databases that look at emails tagged as spam and find emails that look like spam as well and tag them too.  What scores allow for is an email that contains the word 'Viagara' (or any of a hundred variations on that) will get a positive score, but one that includes traits that look more real (such as a valid SPF record) will count as a negative.  Once all of the scores are tallied they're added together to reach a simple number, which is checked against your set threshold.  
If it's in violation of your threshold, it's marked as spam, and your software can deal with it however it likes.<br><br>As for where you can go to look, I find that people learn best by doing rather than by reading.  Install <A HREF="http://www.spamassassin.org">SpamAssassin</A> on your home computer and become your own spam admin.  You'll learn lots of the ins and outs faster than we could ever explain it to you.<br><SMALL>--<br>Some people think I'm an idiot.  I disagree, but idiocy is subjective--so they may well be right.  With this in mind, take everything I post with a grain of salt, eh?</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/Re-methodology-of-antispam-software-14103592</guid>
<pubDate>Wed, 10 Aug 2005 14:42:33 EDT</pubDate>
</item>
<item>
<title>methodology of anti-spam software</title>
<link>http://www.dslreports.com/forum/methodology-of-antispam-software-14103465</link>
<description><![CDATA[lildevil posted : one of my co-workers sent an extremely angry email to our help desk staff asking why his email box was receiving spam and why aren't our filters keeping stuff like "Animal Sex" from coming in. now i happen to know one of the techs who was a little amused by the email because apparently this is an isolated incident but i asked nevertheless why that email did go through. he didn't elaborate much saying occasional spam does get through and something about the person being an idiot for using his work email to sign up for things... but i'm curious, is it not possible for anti-spam software to filter a string of words? or does the software work differently? i'm reading up on some posts that the software assign scores, and so on. anything i can read up as how they work? for the longest time i've been ignorant on the subject but i'm curious now. :)<br><br>thanks.]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/methodology-of-antispam-software-14103465</guid>
<pubDate>Wed, 10 Aug 2005 14:26:52 EDT</pubDate>
</item>
</channel>
</rss>
