scheidell at secnap
Nov 24, 2009, 9:46 AM
Post #2 of 3
(419 views)
Permalink
|
John Tice wrote:
> I am seeing (past 4-5 days) more spam generally slipping under my scoring settings, but in particular ED image spam with the word '' spelled correctly in the sender and/or subject headers. I have settings for tagging and auto discard with a 15 point spread, and this kind of stuff used to score well above the discard threshold. These appear to be sent from the same spammer using various options as if testing and are finding weaknesses. So I'm wondering if something fundamental has changed within SA or my installation, or if I just need to tweak things a bit and wait for the spammer's adjustments to be absorbed by future updates? Seriously- when they're sending image spam with the drug spelled out in the headers shouldn't they be scoring about a hundred?
>
except that SA isn't a content filter, and good thing, or your email
would have been blocked.
mispelling the stuff would most likely trigger more rules then correct
spelling, and, your own baysian tests might be proving that.
(if correctly spelled spam was learned as spam, baysian will score it
higher at your site)
if you won't want stuff with 'that word' in it, write a rule.
> Thanks,
> John -not sophisticated, but getting by :)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
|
