Mark said: > A few weeks ago I thought of an interesting new "statistical" way of > fighting spam. Having collected a few weeks worth of maillog data (about 500 > MB), I wrote a small Perl script, matching IP addresses by the following > simple rule (in words): > > "Look at SMTP connections, and consider all IP addresses spam that, in one > session, deliver to 4 or more local recipients simultaneously." > > Naturally, I ran a post-process pass, so as to filter out white-list data > (mailing lists and such). Based on the idea that, apart from mailing lists, > there is hardly ever a decent reason for a remote host to deliver to more > than 4 recipients simultaneously, the result was, indeed, astounding. :) > Near 98% was pure spam. > > So, I was wondering, regardless of this particular idea, have the SA > developers ever seriously thought about doing maillog analysis? That may > make things a bit platform/MTA dependent, but you really can learn a great > deal about spammers based on "history" too, and not merely a per-message > analysis.
The difficulty there is the manual whitelisting. as far as I can see, you're measuring bulkiness there; the hard part for a useful SpamAssassin test is to come up with methods that can work without whitelisting. --j. ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
