Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - "Recycle" Spam
  FAQ FAQ  Forum Search   Register Register  Login Login

"Recycle" Spam

 Post Reply Post Reply
Author
jerbo128 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 March 2006
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote jerbo128 Quote  Post ReplyReply Direct Link To This Post Topic: "Recycle" Spam
    Posted: 21 August 2008 at 8:49pm
Roberto and crew-
 
(beating dead dog again)
 
Any move towards or ideas for a method to send missed spam back to SFE to "recycle" it?
 
Wink
 
Jeremy
 
 
Back to Top
StevenJohns View Drop Down
Senior Member
Senior Member


Joined: 03 August 2006
Status: Offline
Points: 119
Post Options Post Options   Thanks (0) Thanks(0)   Quote StevenJohns Quote  Post ReplyReply Direct Link To This Post Posted: 29 August 2008 at 5:26am
I have to agree....
 
Although SF is good, it does still let some spam through, we NEED a method of telling SF that a certain email is spam and that it should then block the IP and register the hash with eth SFDB.
 
Roberto, what do you suggest we do with spam emails that get through??
 
 
www.internetmailservices.co.uk
Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 29 August 2008 at 11:07am
Good idea now that everything else is working smoothly. Wink
http://www.webguyz.net
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 02 September 2008 at 6:01pm
We've always been resilient about allowing users to submit spam emails back to SpamFilter. This is because the process is too prone for errors. Users may not be able to forward back the *original* message, as for example Microsoft Outlook clients will completely change the email and preventing access to the real, original source (there is a plugin to do this... but doubtful the average user will have it).

To be successful, SpamFilter would have to keep a copy of *all* incoming email's headers, not just spam, so that they can later be referenced via some kind of unique ID to allow post-back. The benefit of this however is going to be limited due to the way the SFDB works. Our SFDB is updated in real-time by all SpamFilter's throughout the world, and we require multiple spam reports from each SpamFilter installation, within a short time-frame, before accepting an IP for possible inclusion in the SFDB from that specific installation. In addition, only if several different SpamFilter then in turn report the same IP, will finally the IP become blacklisted. This makes the process extremely reliable, and false positives are extremely, extremely rare, while at the same time allowing for semi-real-time reporting.
Having individual users report spam will not help much, as each "human" report will be a drop of water in a lake as far as contributing in reporting an IP to the SFDB.
Furthermore... the submission mechanism for the SFDB is kept automated, with encrypted submissions as to reduce the risk of "poisoning" the database with invalid and/or incorrect data. If we allowed an option to provide users with the ability to manually submit data to it, we would increase the danger of spammers abusing this method to upload invalid data to the SFDB, thus reducing its effectiveness.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
StevenJohns View Drop Down
Senior Member
Senior Member


Joined: 03 August 2006
Status: Offline
Points: 119
Post Options Post Options   Thanks (0) Thanks(0)   Quote StevenJohns Quote  Post ReplyReply Direct Link To This Post Posted: 02 September 2008 at 6:16pm
Roberto,
 
I see what you are saying and I fully understand your wish to keep the SFDB atuomated and secure.
However, your response does seem to focussed only on blocking the IP of the sending server, rather than the email in question. We get a lot of emails which come form legitimate IP's where the content of the email if obviously spam. This kind of email should not be considered purely based on the ip that sent the email as it may have come from a server which hosts hundreds of domains.
Spammers are getting really educated about the ip's of their servers and we are seeing SF miss emails with obvious spam content.
I think you should be concentrating more on the content of the email rather than on the IP that it came from as your response seems to suggest.
 
A method of sending the spam email back to our own SF installation and retraining the basyan filters or the keyword filters would be a great idea.
 
If SF continues to focus soley on the IP of the sending server, then I can see it's effectiveness reducing over time, and that would be a real shame.
 
Steve.
 
www.internetmailservices.co.uk
Back to Top
jerbo128 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 March 2006
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote jerbo128 Quote  Post ReplyReply Direct Link To This Post Posted: 02 September 2008 at 9:04pm
I agree with Steve's idea that we should not look solely at the IP and would like to add:
 
I am not envisioning a system that will necessarily report to others, but just a way for my SFE installations to re-train themselves.  Any way for my users to report these emails in an automated way would be a plus over the manual sifting that we have to do now. 
 
It seems that these "missed" emails come in waves, often scattered over a several hour period.  If the earliest recipients of these messsages can make a difference for the rest of the users who have not yet received them - that would be a huge benefit.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 03 September 2008 at 5:09pm
The SFDC filter that we introduced a few months ago does act on the emails content, rather than the IP as in the SFDB. With the SFDC, SpamFilter analyzes the body of the emails reported as spam, and creates a hash signature to identify emails with very *similar* content. This has is then uploaded in real-time to our SFDC server. From then on, things will work very similarly to the SFDB filter. Once we receive a number of different reports for the same hash, that hash (instead of the IP) will be blacklisted, and all incoming emails with similar hashes will be rejected.

This method is not nearly as effective as the SFDB filter (on average the SFDC filter will stop only 2%-4% as many emails as the SFDB, but if you receive about 100,000 emails/day, that still means 2,000-4,000 emails stopped by that filter.

As I mentioned before, it is very risky to stop emails at an enterprise level based on feedback sent from the end-users. We do however always listen to comments and requests, and this has been one of our oldest, still unsatisfied request. If we're able to come up with a way that will allow users to provide feedback for spam, and at the same time minimizing the risk of stopping valid emails being addressed to an enterprise, we'll definitely implement it.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.