[sclug] Any thoughts on how to block these? (long-ish)

James Wyper jrwyper at yahoo.co.uk
Mon Jan 12 18:03:33 UTC 2004


I do something similar but simpler; again, it works well against any new
tricks that spammers try:

I use SpamAssassin.

I have two mail folders called "almost certainly spam" and "probably
spam".  Procmail puts spam with a score of 15+ into the first, and 4-15
into the second (I could probably reduce this to 3-15).

I have two other mail folders, which Procmail doesn't touch, called
"spam-for-learning", and "notspam-for-learning".  Periodically I scan
the "almost certainly / probably spam" folders and invariably move
everything into "spam-for-learning" (I think I've had one false
positive in the 2-3 months I've been doing this).  I also move spam
that gets through SpamAssassin and into my inbox to
"spam-for-learning".
"notspam-for-learning" is effectively my trash folder - all non-spam
email is moved here when it's deleted.

Every so often - at least once a week and whenever I get a spam that's
passed the filter - I run sa-learn on *both* "spam-for-learning" and
"notspam-for-learning" (actually I move the mails out of their
c-client.mbx format mailbox into a standard mbox one using mailutil
first).  One day I'll look up how to use cron and automate this.

This works for me, despite having one email address that's been around
for 5+ years now (and despite my wife breaking the cardinal rule and
replying to some of the messages asking for them to stop).  

HTH
James.
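
The routing and training steps described above, as an added shell example that is not part of the original post. It assumes the score is read from the X-Spam-Status header that SpamAssassin adds and that the two learning folders are already in mbox format under one mail directory; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example; function names and paths are assumptions, not from the post.

# Print the SpamAssassin score of the message on stdin. Only the header block
# is read, so an X-Spam-Status line planted in the body is ignored.
# Accepts "hits=" (SpamAssassin 2.x) and "score=" (3.x and later).
sa_score() {
    awk '
        /^$/ { exit }                        # blank line ends the headers
        tolower($0) ~ /^x-spam-status:/ {
            if (match($0, /(hits|score)=-?[0-9]+(\.[0-9]+)?/)) {
                s = substr($0, RSTART, RLENGTH)
                sub(/^[a-z]+=/, "", s)       # drop the "hits=" / "score=" label
                print s
                exit
            }
        }'
}

# Map a message on stdin to a folder using the thresholds from the post:
# 15+ -> "almost certainly spam", 4-15 -> "probably spam", otherwise inbox.
# Mail with no score in its headers (filter did not run) stays in the inbox.
folder_for() {
    score=$(sa_score)
    [ -n "$score" ] || { echo "inbox"; return; }
    awk -v s="$score" 'BEGIN {
        if (s + 0 >= 15)     print "almost certainly spam"
        else if (s + 0 >= 4) print "probably spam"
        else                 print "inbox"
    }'
}

# Train the Bayesian filter on both hand-sorted folders (mbox format assumed).
learn() {
    sa-learn --spam --mbox "$1/spam-for-learning" &&
    sa-learn --ham  --mbox "$1/notspam-for-learning"
}

# Example crontab line, weekly on Sunday at 03:00 (script path assumed):
#   0 3 * * 0  /home/user/bin/spam-train.sh learn /home/user/mail
case "${1:-demo}" in
    learn) learn "${2:?usage: $0 learn MAILDIR}" ;;
    demo)  # constructed message: header scores 7.3, body carries a forged 0.0
        printf 'Subject: x\nX-Spam-Status: Yes, hits=7.3 required=5.0\n\nX-Spam-Status: No, hits=0.0\n' | folder_for ;;
esac
```
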


 --- Andy Arbon <sclug at andrewarbon.co.uk> wrote:
> 
> Hello,
> 
> The technique I use to deal with emerging trends in spam is to have all
> my email run through SpamAssassin (updated on a strict
> whenever-I-remember schedule). Anything with a score over 10 gets
> /dev/null'ed, anything with a score over 5 goes straight in the bin (I
> casually flick through the trash before emptying it, but if I thought I
> would actually get a false positive in there I would raise the threshold
> so that I don't - it's only meant to be a last safety net).
> 
> After that I use Mozilla's Junk mail Bayesian filter. This seems to be
> more spam-happy than SpamAssassin and will periodically tag non-spam as
> spam. For this reason I have it move mails it considers spam into a
> folder that is imaginatively called caughtspam, and once every day or
> two I look through this, remove any false positives and then run the
> mails that are left through sa-learn, which is the program that teaches
> SpamAssassin's Bayesian filters.
> 
> This approach seems to work quite well. It may look long-winded, but
> it's really not once it's going. It means that any new spam trend only
> affects me for a day or two before the various filters learn it and
> adapt. I should point out that I receive a vast amount of spam, due to
> having my own domain and plastering my email address everywhere without
> anti-spamming it (what's the point in an email address if people can't
> find it and use it to find you?), so my methods might be overkill for
> someone who gets less spam.
> 
> Besides, I've found that with spam it's not as important to make sure
> that you NEVER have to spend any time dealing with it as it is to make
> sure it doesn't interrupt you or make you think you have genuine mail to
> deal with.
> 
> Anyone else have any different techniques?
> 
> Andy (who seems to be called Leon in this photo ;) :
> http://www.sclug.org.uk/photos/index.php?spgmGal=Install_2002&spgmPic=0&spgmFilters=#pic
> )
> 
> Simon Huggins wrote:
> | On Mon, Jan 12, 2004 at 09:11:56AM +0000, Patrick Kirk wrote:
> |
> |>I hope this plea for help gets past people's spam filters!
> |
> |
> |>My spam filters are being beaten by up to 20 of these emails a day.
> |>They all have the following characteristics.
> |>1. Random words in the subject line, usually lower case
> |>2. Lots of random words in the body in a separate block from the 'pitch'
> |>3. Words like 'click' are obfuscated
> |>4. The X-Mailer header is a set of random words
> |
> |
> |>I would guess that the randomness is a way of beating Bayesian filters.
> |>My only thought so far has been to exclude all email not from a list
> |>of known mail agents but that's cumbersome.
> 
> 