nightdesigns
Gone missing, back soon
Premium
join:2002-05-31
AZ
 ·Cox HSI
| Spammers getting around Spam Assassin
My web provider is using Spam Assassin which for years has worked great, but I see companies have figured out how to get their "score" low enough to get around the filters. I'm now getting 10-15 pieces a day under the radar (still blocks 50+/day). Any tips on block these e-mails too? I've tried specific word filtering, etc, which has helped a little, but not much.
I'm already running a score threshold of 3. I'm hesitatnt to open the spam e-mails to see what the scores are, because it loads the images in the e-mail, and guess what, more spam!
--
The _REAL_ OC: Cookie-cutter soccer moms driving their SUVs through the McDonalds drive-through, blowing away their child's college education on their $600/month car payment, $4500/month mortgage payment, and their plastic surgery/boob job/botox bill. |
|
rmturner
join:2001-10-18
Kennesaw, GA
·Comcast
| Are they using 3.0? And do you have access to your user_prefs file? Someone at my webhost suggested adding these rules to your user_prefs, and they are catching everything for me. Almost zero false positives.
score X_MESSAGE_INFO 10
score URIBL_SBL 10
score URIBL_OB_SURBL 10
score URIBL_PH_SURBL 10
score URIBL_WS_SURBL 10
score URIBL_SC_SURBL 10
score URIBL_AB_SURBL 10
score RCVD_IN_XBL 10
score RCVD_IN_SBL 10
You can check out the default scoring for version 3.0 here:
»spamassassin.apache.org/tests_3_0_x.html
and customize your user_prefs accordingly.
--
"No matter how I struggle and strive, I'll never get out of here alive". Hank Williams |
|
madylarian
The curmudgeonly
Premium
join:2002-01-03
Parkville, MD | reply to nightdesigns
I had to drop down to 2 because so many "pump 'n dump" spams were getting through. I'm building up quite a whitelist, but it's worth it.
mady
--
Honi soit qui mal y pense |
|
Cybertoad
join:2001-11-08
Houston, TX
| reply to nightdesigns
quote:
My web provider is using Spam Assassin which for years has worked great, but I see companies have figured out how to get their "score" low enough to get around the filters.
I am not sure who you are hosting with but the hosting provider where I work uses a lot more than just Spamassassin and continuously monitors and updates the spam protection to adapt to all spammer changes on
a daily basis.
quote:
I'm already running a score threshold of 3.
I would be a little leary reducing the score even that
low because it sets up the possibility of trapping HAM
(non-spam) messages by mistake. There are other much
better ways of doing that without reducing the score.
I would leave the spam trigger score higher and adjust
the scoring values on the individual rules themselves.
quote:
I'm hesitatnt to open the spam e-mails to see what the scores are, because it loads the images in the e-mail, and guess what, more spam!
I use Mozilla Thunderbird for my POP3 email client and it
has the ability to block images until you approve that
they be displayed so that you are able to view messages
without anything being reported back to the spammer. It
also isn't vulnerable to a lot of the security problems
that are common to Outlook and Outlook Express. Plus
there is a "Junk" mail feature with Bayes learning built in
that can sort spam out of your inbox immediately upon
checking your mail.
If you are not using Mozilla Thunderbird, you might want
to seriously consider switching over. |
|
