Hosting Provided By

Re: Spam PDF

From: arni <mail(at)arni.name>
Date: Fri Jun 29 2007 - 17:34:04 EDT

bgodette@idcomm.com schrieb:
> arni wrote:
>

>>  bgodette@idcomm.com  schrieb:
>>     
>>> Sounds more like "if we didn't rely on other people to have seen this
>>> particular abusive host before us and our learning system to have seen
>>> past examples of spam that looks a whole lot like this one from headers
>>> alone to detect this particular spam, we'd fail to catch it until we've
>>> trained our system and the abusive host has been reported to various lists".
>>>
>>> That's what makes policy (e.g. MTA checks, BOTNET) and behavior based
>>> detection work as well as it does, it's proactive instead of reactive.
>>>
>>>   
>>>       
>> I have no spam that doesnt score at least BAYES_80 - BAYES_80 is 3.5
>> points here, BOTNET is 3 points here, makes 6.5 total and a bust.
>>
>> Doesnt have anything to do with beeing a late reciever as i recieve this
>> spam on a whole lot of addresses and not just one - please dont tell me
>> you think i'm a late reciever on all.
>>
>> arni
>>     
>

> No all BAYES is saying you've received and trained spam in the past that
> has bits and pieces that look like this new spam. If a spammer reduces
> the amount of tokens that can match negatively and does nothing else
> they'll end up with a meaningless bayes score (right around BAYES_50).
> Add a bit of "likely to be trained as ham" bits from a common mailing
> list from the day before, and use that in combination with an
> image/attachment/short spam and you've got a nice low bayes score. Works
> great against large site-wide bayes databases, not so much against
> per-user unless the user happens to be subscribed to whatever ham source
> the spammer is using. <joke>Maybe we should train all our mailing lists
> as spam!</joke>

>
>

i will use one of the best quotes here that were ever created on the internet:

"You make your mouth full of technical bullshit when only facts talk"

By some random guy

;-) arni Received on Fri Jun 29 17:34:43 2007

This message: [ Message body ]
Next message: bgodette(at)idcomm.com: "Re: Spam PDF"
Previous message: John Rudd: "Re: Spam PDF"
In reply to: bgodette(at)idcomm.com: "Re: Spam PDF"
Next in thread: bgodette(at)idcomm.com: "Re: Spam PDF"
Reply: bgodette(at)idcomm.com: "Re: Spam PDF"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Fri Jun 29 2007 - 17:40:03 EDT