They are generaly a clone of each other just substituting the send to address.
Usualy there the typical viagra or stock scam. If they where incoming my SA would catch em and mark em but as there not being processed by sa they don't even get marked. Worse yet is even if sa marks em they still go out only with the SA header on them kindly notifying the recipient that this indeed is spam. Nifty huh -----Original Message----- From: Rob McEwen (PowerView Systems) [mailto:[EMAIL PROTECTED] Sent: Monday, August 14, 2006 2:23 PM To: users@spamassassin.apache.org Subject: RE: Checking my own users mail Tom said: > I do however if they get a Msoutlook trojan that can use outlook to > forward the spam it get's right on through What a nightmare. I've been aware of this possibility, but I didn't think it happened that often. Are there any particular characteristics of the outgoing spam and/or viruses? I'd bet that these types of trojans which use existing outlook accounts and send mail through outlook probably tend to fall within a narrow range as far as the actual spam or virus messages that are sent. Do you see a pattern with these? What I'm thinking is that if these fall within a narrow range, then that might make it more wise to scan outbound mail.. but to do so using a limited range of types of scanning to minimize resources... targetting just the types of spams that are being sent by these types of trojans. Rob McEwen PowerView Systems [EMAIL PROTECTED] (478) 475-9032
