Author Topic: Training spam filter - any point?  (Read 168796 times)
petervaughan
Usergroup Member

Posts: 2512


« Reply #30 on: June 02, 2007, 12:24:45 pm »

Just forwarding is of some use but the full benefits are attained when you include the headers.
br1anstorm

Posts: 5

« Reply #31 on: June 03, 2007, 12:39:15 am »

Thanks for the reply Ian.  Just to clarify (the idiot's guide), is it OK just to open the e-mail and click 'Forward' then add the despamchecker address? Will this do the job?  I have an aversion to actually opening them and that is why I was putting a tick in the box and clicking 'Forward' but I suspect that this is no good.

Some comments on this.  Just forwarding the spam message means (a) that PN's checker may not be able to see the original spam headers;  and (b) at least using Outlook Express, this means opening it, which could expose you to more risk (as it confirms to the spammer that your address is 'live').  Apparently in MacMail you can forward headers etc without having to open the message.

Over on the main PlusNet discussion forum there's a link to a useful guide prepared by Webwise - look in his posts there - which spells out how (in Outlook Express) to copy and send spam headers and texts to PN without having to open the offending message(s).

br1anstorm
poppy

Posts: 142

« Reply #32 on: June 03, 2007, 07:31:18 am »

Couldn't find the information that you alluded to - can you provide more details please?

Force 9
Joined 03 June 2004
petervaughan
Usergroup Member

Posts: 2512


« Reply #33 on: June 03, 2007, 10:06:53 am »

The thread is here

And the referenced guide is here although you should not be sending the spam as a new message as it suggests, and as I commented on in that thread.
jazz

Posts: 14

« Reply #34 on: June 03, 2007, 10:34:25 am »

These threads in PUG and the PlusNet Forums are all getting so confusing that the message I'm getting is:-

"Don't bother forwarding Spam to the Spamchecker because you'll probably open something you shouldn't, fail to attach headers or waste everyone's time with mistakes in the process.  It would probably be easier to just delete the things". 

I think that, until a simple solution/guide is found and published by PlusNet I'll just go for the "Delete" option and concentrate on training Thunderbird to do this for me automatically.
poppy

Posts: 142

« Reply #35 on: June 03, 2007, 12:26:56 pm »

Thanks for the link. Totally agree about the confusion. I definitely don't want to open the e-mail to insert any header information and in any case (I might be wrong) but if you haven't downloaded the spam into OE or other, the properties information does not seem to be complete in webmail. I will carry on just deleting until a method that doesn't include opening the mail is given.

Force 9
Joined 03 June 2004
jkerr82508

Posts: 2

« Reply #36 on: June 04, 2007, 03:23:24 pm »

Popfile, which I run locally, has correctly identified all of the spam which has penetrated PN's spam filters. (I have configured Kmail to dump it to the wastebin.) When this new system was introduced I forwarded all of these to despamchecker, but when there was no apparent effect, I just gave up. It's a whole lot easier to just click on "Empty wastebin" than go through the contortions described here.

Jim
godsell4

Posts: 397

« Reply #37 on: June 04, 2007, 03:41:38 pm »

Popfile, which I run locally, has correctly identified all of the spam which has penetrated PN's spam filters.

Same here, JunkMatcher is a plugin for mail.app on MacOS X, it too manages to identify all the SPAM messages PN do not.

Makes you think really.

SW.

BBYW1/10GB
jelv1

Posts: 2130

« Reply #38 on: June 04, 2007, 10:27:58 pm »

I have been wondering why I have received no emails from two Freecycle groups I belong to on yahoo for the last couple of days - between them I would expect to receive 30-50 emails a day. So I've just been to check, and as expected I find that the email address is shown on Yahoo as bouncing. And what do I find as the reason for the bounce:

Remote host said: 550 Spam detected within email [BODY]

Could someone from Plusnet explain why emails from Yahoo groups are being hard bounced please.

jelv
dtomlinson
Plusnet Staff

Posts: 2156


« Reply #39 on: June 04, 2007, 10:56:03 pm »

I'd recommend raising a ticket with the full bounce and we can take a look at why it's bounced.

Regards,

Dave Tomlinson
PlusNet Support
jelv1

Posts: 2130

« Reply #40 on: June 04, 2007, 11:31:19 pm »

That's as much information as I can find on the Yahoo groups website.

jelv
Penny

Posts: 1781


WWW
« Reply #41 on: June 05, 2007, 12:08:06 am »

I have been wondering why I have received no emails from two Freecycle groups I belong to on yahoo for the last couple of days

Weird that, because I too belong to two Freecycle groups, and messages from both have been arriving seemingly without problem.

Maybe to do with the "send" format of the various separate Freecycle groups?

Curiously, the spam filter is picking up NetAnnounce subscribes and unsubscribes, not all but some.  I've more or less given up monitoring them the last few days because there are so many probably-not-genuine subscribes that I just don't have the time to sort them right now, so some of them ending up in the spam folder is neither here nor there :/

Penny Rollo       Force 9 from 17/02/98       PlusNet from 2000 onwards     
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages http://www.happychild.org.uk
personal site www.pennymidasrollo.plus.com
mikeb

Posts: 657


« Reply #42 on: June 05, 2007, 01:24:24 am »

I have been wondering why I have received no emails from two Freecycle groups I belong to on yahoo for the last couple of days - between them I would expect to receive 30-50 emails a day. So I've just been to check, and as expected I find that the email address is shown on Yahoo as bouncing. And what do I find as the reason for the bounce:

Remote host said: 550 Spam detected within email [BODY]

Could someone from Plusnet explain why emails from Yahoo groups are being hard bounced please.

As I mentioned on another thread somewhere, problems with yahoo and similar groups or mail lists frequently occur when service providers do spam checking unfortunately. I don't use the PN spam checking at all so all I do know is that yahoo stuff doesn't appear to be being silently bounced on receipt as I'm still getting my digests and messages coming through from a few groups I use.

Yahoo really are a PITA with their bouncing policy. One single bounce for whatever reason and all mails are stopped but they generally take ages to actually tell you about it so you can reactivate the address.  I quite often find that it can be up to a week before the problem is flagged on yahoo even when it's obvious that messages aren't being sent. There is no way that I've found to identify which message actually caused the bounce either as any reference on the yahoo bounce history doesn't tie up with message IDs or numbering in the group. All you get is some obscure error message such as "spam detected" or "content rejected" in the message body. I also get the distinct impression that yahoo treat any failure to deliver on the first occasion as a bounce as well so if there is any sort of problem they don't necessarily retry.

What tends to happen in my experience is that someone posts a dodgy message i.e. either a bit spammy or with rather iffy content in some way.   Also, I think the other big problem with such groups/lists is that there are a lot of stupid people out there. They subscribe to them then decide they no longer want to receive messages but are too stupid to change their mail options or leave the group so report the messages as spam instead thus causing probs for others if/when the sending IP gets blacklisted.

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
jelv1

Posts: 2130

« Reply #43 on: June 05, 2007, 05:26:31 pm »

As of now I am going to give up forwarding emails to training as a pointless waste of time - I would suggest anyone else who values their time does the same.

I've just received a message with a subject of "Recent discoveries in herbal science have shed new light on the subject of penis enlargement" with a body of "When you reach the growth size that you want to achieve, you no longer need to take MegaDik". Here are the relevant headers:

Quote
x-open-relay: 62.87.142.95 is in a black list at bl.spamcop.net

X-DSPAM-Result: Innocent
X-DSPAM-Processed: Tue Jun  5 15:50:12 2007
X-DSPAM-Confidence: 0.5479
X-DSPAM-Improbability: 1 in 122 chance of being spam
X-DSPAM-Probability: 0.0000
X-DSPAM-Factors: 27,
   Received*Jun, 0.00181,
   Received*Tue+05, 0.00507,
   Date*Tue+5, 0.00682,
   reach+the, 0.00960,
   Subject*on+the, 0.01000,
   longer+need, 0.01000,
   Subject*herbal, 0.99000,
   Date*2007, 0.99000,
   Date*47+0200, 0.01000,
   size+that, 0.01000,
   Subject*Recent, 0.99000,
   Received*admin, 0.93829,
   Received*for+admin, 0.93829,
   reach, 0.06780,
   Date*5, 0.07506,
   Date*Jun, 0.07580,
   X-MimeOLE*V6.00.2800.1106, 0.91513,
   X-MimeOLE*MimeOLE+V6.00.2800.1106, 0.91513,
   to+achieve, 0.10971,
   achieve, 0.11002,
   growth, 0.88469,
   Content-Type*charset="windows, 0.87976,
   no+longer, 0.12561,
   x-open-relay*is, 0.84924,
   x-open-relay*a, 0.84924,
   x-open-relay*black+list, 0.84924,
   x-open-relay*list, 0.84924

I found it particularly revealing how, in spite of all the training, it gave the scores as it did for the words "penis", "MegaDik" and "enlargement" (it is obviously processing both the subject and body given the scores it has for growth and herbal).

jelv
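An added example, not part of the thread and not Plusnet's or DSPAM's own code: a small parser for the `X-DSPAM-*` headers quoted in the post above, which unfolds the header, splits each factor into its scope (header name or body) and probability, and counts which way the tokens lean. The function names, the reading of `Header*token` as a header-scoped token, and the 0.5 cut-off for "leans spam" are assumptions made for illustration; the sample is an excerpt of the quoted headers.

```python
import re

# Headers quoted in the post above; factor list shortened to 7 of its 27 entries.
SAMPLE = """\
x-open-relay: 62.87.142.95 is in a black list at bl.spamcop.net
X-DSPAM-Result: Innocent
X-DSPAM-Factors: 27,
   Received*Jun, 0.00181,
   reach+the, 0.00960,
   Subject*herbal, 0.99000,
   X-MimeOLE*V6.00.2800.1106, 0.91513,
   growth, 0.88469,
   no+longer, 0.12561,
   x-open-relay*black+list, 0.84924
"""

def unfold(raw):
    """Join folded continuation lines onto their header; keys are lower-cased."""
    headers, name = {}, None
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and name:
            headers[name] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()
            headers[name] = value.strip()
    return headers

def parse_factors(value):
    """Return (scope, token, probability); scope is a header name or 'body'."""
    out = []
    for m in re.finditer(r"(\S+), (\d\.\d+)", value):
        scope, sep, rest = m.group(1).partition("*")
        token = (scope, rest) if sep else ("body", m.group(1))
        out.append(token + (float(m.group(2)),))
    return out

def summarise(raw):
    h = unfold(raw)
    value = h.get("x-dspam-factors", "0,")
    factors = parse_factors(value)
    spam = [f for f in factors if f[2] > 0.5]  # assumption: >0.5 leans spam
    return {
        "result": h.get("x-dspam-result"),
        "declared": int(value.split(",")[0]),  # count the header claims to list
        "parsed": len(factors),                # count actually present
        "spam_leaning": len(spam),
        "innocent_leaning": len(factors) - len(spam),
        "body_spam_tokens": [t for s, t, p in spam if s == "body"],
        "blocklisted_relay": "x-open-relay" in h,
    }
```

Running `summarise()` over the complete header from a misclassified message shows at a glance whether any body tokens were scored at all and whether a blocklist hit sat alongside an `Innocent` verdict; a `declared` count that differs from `parsed` means the factor list was truncated.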
mikeb

Posts: 657


« Reply #44 on: June 06, 2007, 02:53:09 pm »

It's looking like yet another well spammy week with copious amounts of the explicit stuff as well as the usual dodgy_software_R_us rubbish so far.

One thing I really don't get though is why the hell the registration and dns services for all these Fairly_Random_Name.tld sites can't be prevented or at least shut down pretty quick therefore making it a waste of time/effort/money for the b*ggers to keep on trying. Maybe something is being done if only DoS attacks as none of the sites actually load (apart from the dodgy software one) so it must be a futile exercise trying to sell this crap anyway ! if they are indeed trying to sell stuff as opposed to infect more systems with malware. The vast majority if not all of them seem to have near identical whois info and as I found before, all resolve to one or more of a fairly short list of common IPs.  At the mo the whois for all that I've looked up appears to be:

Quote
Domain Name: HSQV.COM (and lots of others)
   Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
   Whois Server: whois.joker.com
   Referral URL: http://www.joker.com
   Name Server: NS1.JJJDNS.COM
   Name Server: NS2.JJJDNS.COM
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 02-jun-2007
   Creation Date: 02-jun-2007
   Expiration Date: 02-jun-2008

>>> Last update of whois database: Wed, 06 Jun 2007 13:07:08 UTC <<<

[whois.joker.com]
domain:       hsqv.com
owner:        Sammy Lee
organization: Liquid Ventures Inc
email:        admin@liquidventuresinc.com
address:      44/E ENTERPRISE SQUARE
city:         KOWLOON
state:        --
postal-code:  0000
country:      HK
phone:        +852.94528422
admin-c:      CCOM-1028986 admin@liquidventuresinc.com
tech-c:       CCOM-1028986 admin@liquidventuresinc.com
billing-c:    CCOM-1028986 admin@liquidventuresinc.com
nserver:      ns1.jjjdns.com 210.3.9.200
nserver:      ns2.jjjdns.com 210.3.9.200
status:       lock
created:      2007-06-02 21:23:09 UTC
modified:     2007-06-02 21:23:09 UTC
expires:      2008-06-02 21:23:09 UTC

contact-hdl:  CCOM-1028986
person:       Sammy Lee
organization: Liquid Ventures Inc
email:        admin@liquidventuresinc.com
address:      44/E ENTERPRISE SQUARE
city:         KOWLOON
state:        --
postal-code:  0000
country:      HK
phone:        +852.94528422

source:       joker.com live whois service
query-time:   0.018779
db-updated:   2007-06-06 13:07:17

I realise that preventing registration or shutting down the sites won't stop the spam as such but surely something could be done to make it way more difficult and painful to keep trying to peddle this rubbish ?  Likewise dealing with the compromised systems sending the spam out in the first place. I'm bl**dy certain that service providers, registrars and so on could do lots more to control and limit the problem *IF* they really wanted to ... which they clearly don't, of course. I mean, I've never yet come across any service provider anywhere in the world that takes abuse reports in any way seriously and responds in a timely manner (if at all that is). All this spam filtering and suchlike being implemented is next to useless in reality IMHO esp trying to do Bayesian detection on a mass_user scale.  It might well produce reasonably good results on a per_user basis but I just don't believe it can ever produce particularly reliable results otherwise. Apart from that, filtering is simply trying to hide the problem rather than trying to fix it of course !  What are service providers various doing (if anything) to fix the fundamental problem other than adopting the ostrich position ?
« Last Edit: June 06, 2007, 02:58:03 pm by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.