Re: Uhm.. - dslreports.com

Author	All Replies
nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA ·Cox HSI ·Speakeasy	reply to Kibbles Re: Uhm.. said by Kibbles : It maybe nothing new...but as to why we still have so many compromized PC's in the US is odd...and yes I have been receiving a lot more spam lately..with a spam filter off 14-20 a day...with a spam filter on...2-3 a day. Meh... With spam filters off, I'd be at several thousand a day; with them on, still getting a few dozen of the "Hi, It's Stan" (and the like) emails. They post a message that's about 80% "real" text, and then the stock pump is a single JPEG or GIF image in the message. So, most of the Bayesian filters just give it a pass. If it weren't for all of the MS mail users, I'd simply reject HTML email altogether. -tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis
	to forum · permalink · · 2006-11-18 13:21:54 ·
sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Morristown, NJ ·Optimum Online	said by nixen : They post a message that's about 80% "real" text, and then the stock pump is a single JPEG or GIF image in the message. So, most of the Bayesian filters just give it a pass. If it weren't for all of the MS mail users, I'd simply reject HTML email altogether. SpamAssassin is getting pretty good at catching the quirks that seperate these messages from real mail. One thing that really helps is automating "sa-update" to grab the latest rules from the SpamAss folks. I didn't even no about that until a few weeks ago - previously they released new rules with each version of spamass, but now the rules are continuously updated. I would imagine if you greylist and use spamass, you don't see too much of this crap. I wonder how long it will be until they have botnet clients that are compliant enough to make their way through greylisting (ie: include a queue)? I mean if they can generate a unique image for each email, queueing sounds pretty darn simple in comparison.
	to forum · permalink · · 2006-11-18 17:48:46 ·
nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA ·Cox HSI ·Speakeasy	said by sporkme : SpamAssassin is getting pretty good at catching the quirks that seperate these messages from real mail. One thing that really helps is automating "sa-update" to grab the latest rules from the SpamAss folks. I didn't even no about that until a few weeks ago - previously they released new rules with each version of spamass, but now the rules are continuously updated. Hmm... perhaps it would be helpful if I read the Release Notes to see these new tools? Just ran it in debug mode. Nifty tool. I got it `cron`ed now. said by sporkme : I would imagine if you greylist and use spamass, you don't see too much of this crap. Yeah, I use a greylist daemon. However, the bot-nets are getting a bit more sophisticated. They aren't just attempting single delivery any more. -tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis
	to forum · permalink · · 2006-11-18 18:07:15 ·


Tuesday, 24-Nov 09:20:37	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF