> -----Original Message----- > From: Mike Klein [mailto:[EMAIL PROTECTED] > Sent: Monday, September 22, 2003 3:48 PM > To: [EMAIL PROTECTED] > Subject: RE: [SAtalk] SpamAssassin filters seem too weak out of the > box...
[] > > As far as I could tell, my spam email was pfs (that's pretty f%$%$king > suspicious for all you acronym folks). Which rules do you think your hand-crafted spam broke, that need to be rescored higher? These rules have been tested with tens (if not hundreds) of thousands of actual spams, and scored appropriately > > This is what I attempted to do. Wasn't detected however. I > guess my spam > wasn't spammy enough. Exactly so. It's actually pretty difficult to make one, but you can do it if you look at the rules page and purposely break several rules. > > As far as my 'spam' not being from a known spammer...I'm not > sure of the > real relevance here, when spammers can change their email addresses > willy-nilly... Yes, they can change their email address willy-nilly. What they cannot do is change the fact that they're listed in 8 RBLs, are sending spam that's been reported to Razor, Pyzor, and DCC, are sending from spamware through open relays with forged headers that break 7 different rules. You cannot do that from a properly-configured client through a well-configured network environment. The header rules are the ones that get them, more often than not. > So step#7 basically is fubar, if I can't completely whore out > an email on my > own and have it detected as spam. If I need to read all SA > docs to figure > out what constitutes a REAL spam email, then step#7 > s/probably state this. Read the tests, and select several of the body tests to break. Compose in a huge red HTML font in all capital letters with lots of exclamation points and cut & paste the "this isn't spam because of senate bill blah blah so click here to unsubscribe" Or better yet, just cut & paste the body of a spam in its entirety. When I'm constructing my own spam for testing purposes, I find I need to do both. > > I never stated SA was a piece of [EMAIL PROTECTED] that filters > 'seem' too weak > (ok, maybe I could've added a 'seem' before abysmal!). It might seem that way, but statistics over millions of pieces of spam and non-spam do not bear out that observation. > Believe it or not, I > have had spam as simple as my 'spam' email below. All of us have. And if it broke no more tests than that, it would have been the one-in-500 that gets through. Honest, Mike. Try it. It may seem counterintuitive, but it really does work. It's actually quite difficult to hand-construct a spam. That is expected behavior. Good luck, -tom ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
