|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Spam PDF
Date: Fri Jun 29 2007 - 17:11:44 EDT
arni wrote:
> bgodette@idcomm.com <mailto:bgodette@idcomm.com> schrieb:
>> >> Sounds more like "if we didn't rely on other people to have seen this >> particular abusive host before us and our learning system to have seen >> past examples of spam that looks a whole lot like this one from headers >> alone to detect this particular spam, we'd fail to catch it until we've >> trained our system and the abusive host has been reported to various lists". >> >> That's what makes policy (e.g. MTA checks, BOTNET) and behavior based >> detection work as well as it does, it's proactive instead of reactive. >> >>
> I have no spam that doesnt score at least BAYES_80 - BAYES_80 is 3.5
> points here, BOTNET is 3 points here, makes 6.5 total and a bust.
>
> Doesnt have anything to do with beeing a late reciever as i recieve this
> spam on a whole lot of addresses and not just one - please dont tell me
> you think i'm a late reciever on all.
>
> arni
No all BAYES is saying you've received and trained spam in the past that has bits and pieces that look like this new spam. If a spammer reduces the amount of tokens that can match negatively and does nothing else they'll end up with a meaningless bayes score (right around BAYES_50). Add a bit of "likely to be trained as ham" bits from a common mailing list from the day before, and use that in combination with an image/attachment/short spam and you've got a nice low bayes score. Works great against large site-wide bayes databases, not so much against per-user unless the user happens to be subscribed to whatever ham source the spammer is using. <joke>Maybe we should train all our mailing lists as spam!</joke> Received on Fri Jun 29 17:12:46 2007
This archive was generated by hypermail 2.1.8 : Fri Jun 29 2007 - 17:20:04 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |