[Gllug] Spam
Chris Ball
chris at void.printf.net
Fri Feb 22 00:30:37 UTC 2002
>>>>> "nix" == nix <nix at esperi.demon.co.uk> writes:
nix> Allow me to second this recommendation. Vipul's Razor in
nix> particular is very nifty (while SpamAssassin can easily be
nix> replaced with something like, say, the SpamBouncer, there is no
nix> real replacement for the Razor.)
I'm not as impressed with Razor. Taking a hash is a good idea, but
breaks as soon as you get spam that includes a random string in the
subject/body - which is fairly common, lately. SpamAssassin, on the
other hand, seems to treat this as _indicative_ of spam. Note also,
below, that SpamAssassin doesn't treat presence in Razor as indicative
of spam on its own - 3 points out of a 5 minimum for the mail to be
spam. This would make most false submissions to Razor ineffective.
nix> If it isn't, and you submit a mail as spam, and you read mail
nix> offline, it's time to get hacking Razor, because it doesn't
nix> support that yet.
The other thing I'm unimpressed with about Razor is that development
by users isn't sought too heavily; it's even closed-source, in one case,
where Vipul won't admit what trust metric he's using on razord to
protect against blacklist abuse.
I decided to paste some spamassassin output; it's quite impressive.
Here's one that hit my spam folder earlier today:
SPAM: Content analysis details: (20.43 hits, 5 required)
SPAM: Hit! (1.2 points) From: does not include a real name
SPAM: Hit! (1 point) Subject contains lots of white space
SPAM: Hit! (1 point) To: has a malformed address
SPAM: Hit! (1.94 points) From: ends in numbers
SPAM: Hit! (2.37 points) Invalid Date: header (timezone does not exist)
SPAM: Hit! (0.9 points) BODY: Talks about lots of money
SPAM: Hit! (1 point) BODY: Claims you can be removed from the list
SPAM: Hit! (0.01 points) BODY: Claims you can be removed from the list
SPAM: Hit! (1.2 points) BODY: HTML mail with non-white background
SPAM: Hit! (3 points) Listed in Razor, see http://razor.sourceforge.net/
SPAM: Hit! (3.33 points) HTML-only mail, with no text version
SPAM: Hit! (1 point) Forged eudoramail.com 'Received:' header found
SPAM: Hit! (1 point) Received via a relay in inputs.orbz.org
SPAM: [RBL check: found 202.50.120.193.inputs.orbz.org.]
SPAM: Hit! (1.48 points) Subject contains a unique ID
That's all for one mail. As you can see, it picked up 20 spam points,
with 5 required for a move to =spam.
SpamAssassin++.
- Chris.
--
$a="printf.net"; Chris Ball | chris at void.$a | www.$a | finger: chris@$a
"In the beginning there was nothing, which exploded."
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list