[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The New World Order is Here !



* ben <benfoley@rcn.com> spake thus:
> On Saturday 02 February 2002 08:26 pm, Stig Brautaset wrote:
>> *  Bruce Burhans <bburhans@earthlink.net> spake thus:
>>> Can you believe this? Does anyone know what those initial characters
>>> are?
>>
>> Can you please stop reposting spam to the list? My spamfilter caught the
>> original spam, but there is precious little I can do about followups to
>> spam when (a) the subject line is changed, and (b) there is no
>> "References:" or "In-Reply-To:" header left in the mail.
>>
>> I should plonk you where you stand worthless human[1]! ;)
>>
>> [1] -- Nothing personal; this is an issue that have irritated me a long
>>        time, unfortunately for you I am fed up now and need to vent my
>>        frustration.
> 
> wouldn't that be more an issue of the inefficacy of your filters?

Err... No? Whatever gave you that idea? Did you not read my post? 

My spam filter caught the original spam, based on such things as sender
address, character set used, adjacent crap characters in subject
(!@#$%^&* etc.) and body, whether the subject is empty or lacks lower
case characters (all caps subjects are seldom legit mail), certain
words in the body and more. None of these are enough to trigger the
filter on their own--that would create far too many false positives. 

However, when a follow-up to a previously caught spam is detected
(using the references/in-reply-to header) it is instantly filed as spam.

When the OP reposted the spam he did so with a "legal" subject line,
announcing a (to me) understandable charset, a non-depreciated sender
address and without the references/in-reply-to header that would link it
to the previous spam so I could instantly blackhole it.

Please explain to me, in the light of this information, how I can
improve my spam-detection routines so that I would be able to catch the
original post of this tread. I am genuinely interested to find out how
you think that is possible.

Stig

-- 
brautaset.org
Registered Linux User 107343

``Oh, how I wish `undo' was ported to everyday life.''



Reply to: