> -----Original Message----- > From: Yorkshire Dave [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 06, 2003 11:58 PM > To: Chris Santerre; spamassassin list > Subject: RE: Re[2]: [SAtalk] [RD] Rule Philosophy > > > On Wed, 2003-08-06 at 15:14, Chris Santerre wrote: > > *big snip to save bandwidth* :-) > > > > Wow this is a great discussion! Lots of stuff to cover. I > guess the whole > > local rule submission thing first. It is WAY too big for > one person. I like > > the idea of 1 person in charge of one type of rule. Like "From" or > > "subject". People could submit rules to that person to be > added. This could > > ease the load. However multiple people would have to check > those rules > > against their own corpus. > > > > Look at the great work Dave is doing grepping out URLs from > a corpus!! That > > rocks!! I would bet that takes a lot of time, and therefore > he would only > > (hypothetically, I'm not trying to volunteer him!) have to > cover that. The > > marking of rules as temp_evil_Aug03 is kick butt idea!! > > It took about 2 dozen lines of perl, it misses some url's and > chops the > end off others, but for the 80% or so of url's it pulls from the spam > and sorts for me, I get a few good rules.
Sweet. > > I don't really see it as a scalable solution tho, I could make more > rules from what I have but I'd have to investigate each case, > go to the > website in the url, see if it's spammerville or some free webhost in > need of an abuse report. I'm only doing the obvious ones at > the moment, > biz-ish / spam-ish / porn sounding domains etc. > > One spammer could register domains way faster than one person could > write rules. > Agreed. > I'm already seeing spam with subjects of randomized thesaurus > words, you > can write a filter for all combinations of > Unearth Your Assistant In Another Motherland > Recover Your Mate In Another Countryside > Recover Your Helper In Another Nation > Regain Your Companion In Another Land > etc etc, but it takes time, probably more time to compile all the > combinations than it took to write the ratware that sent it > /\wYour\win/i would catch a few ;) *snip* > ... I think maybe you're diving in a little > too enthusiastically into something thats only half an idea at this > point. > LOL. I've been known to do that on occasion. :P > Writing a few rules and putting them on an informative webpage is one > thing, anyone who uses them can read them, see what they match before > deciding to use them > > Putting a large set of rules in ready to run form for people to > automatically wget or rsync is a different thing entirely. People are > expected to use those rules without manual verification, it > then becomes > a trust issue, being trusted to mess with other ppl's mail > delivery. I'd > hate to say trust me only to have to say sorry we can't keep > up in a few > months time, and I'd hate to say it and have it blow up in my > face with > glaring false positives > Ah, we weren't on the same page. I was thinking more along the lines that it would be looked at by human eyes and not thrown in like an antivirus update. There simply isn't any way to do that. One man's spam is another man's ham. That will never change. I don't ever imagine a day when SA could have rules updated automatically. Maybe spliting the files up beyond rule type, but spam type. (eg:Nigerian). > Lots more thinking needed, I reckon :) Not too much, it would spoil the surprises! > > -- > Yorkshire Dave > Dang it, which one is your first name!?!?!? :) - Chris ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
