[sclug] Any thoughts on how to block these? (long-ish)

Andy Arbon sclug at andrewarbon.co.uk
Mon Jan 12 17:19:46 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

The technique I use to deal with emerging trends in spam is to have all
my email run through SpamAssissin (updated on a strict
whenever-I-remember schedule). Anything with a score over 10 gets
/dev/null'ed, anything with a score over 5 goes straight in the bin (I
casually flick through the trash before emptying it, but if I thought I
would actually get a false positive in there I would raise the threshold
so that I don't - it's only meant to be a last safety net.

After that I use Mozilla's Junk mail Bayesian filter. This seems to be
more spam-happy than spam assassin and will periodically tag non spam as
spam. For this reason I have it move mails it considers spam into a
folder that is imaginatively called caughtspam, and once every day or
two I look through this, remove any false positives and then run the
mails that are left through sa-learn, which is the program that teaches
SpamAssassin's Bayesian filters.

This approach seems to work quite well. It may look long-winded, but
it's really not once it's going. It means that any new spam trend only
affects me for a day or two before the various filters learn it and
adapt. I should point out that I receive a vast amount of spam, due to
having my own domain and plastering my email address everywhere without
anti-spamming it (what's the point in an email address if people can't
find it and use it to find you?), so my methods might be overkill for
someone who gets less spam.

Besides, I've found that with spam it's not as important to make sure
that you NEVER have to spend any time dealing with it as it is to make
sure it doesn't interrupt you or make you think you have genuine mail to
~ deal with.

Anyone else have any different techniques?

Andy (who seems to be called Leon in this photo ;) :
http://www.sclug.org.uk/photos/index.php?spgmGal=Install_2002&spgmPic=0&spgmFilters=#pic
)

Simon Huggins wrote:
| On Mon, Jan 12, 2004 at 09:11:56AM +0000, Patrick Kirk wrote:
|
|>I hope this plea for help gets past people's spam filters!
|
|
|>My spam filters are being beaten by up to 20 of these emails a day.
|>They all have the following characteristics.
|>1. Random words in the subject line, usually lower case
|>2. Lots of random words in the body in a seperate block from the 'pitch'
|>3. Words like 'click' are obfusticated
|>4. The X-Mailer header is a set of random words
|
|
|>I would guess that the randomness is a way of beating Bayesian filters.
|>My only thought so far has been to exclude all email not from a list
|>of known mail agents but that's cumbersome.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAAtZrX3TTUvZURBERAqa+AKCUIMQXmnGov+9jlaHKDNDOF/XzzQCeKwKb
z5PZA+P6N2yTmcedR3IyT9I=
=AvkR
-----END PGP SIGNATURE-----



More information about the Sclug mailing list