Per Jessen schrieb:
Marc Perkel wrote:
I do most of the filtering using Exim rules and I only use
Spamassassin on less that 1% of incoming email. What I do is focus on
the behavior of the spammer rather than the content of the message. I
have too many tricks to describe here but my filtering is extremely
accurate.
OK, that's fair enough. But it also virtually rules out my using
anything from login-solutions(courtesy of Dirk). I can't trust
somebodyelses hashes very much, not unless they are from guaranteed
spamtraps or manually verified.
I'm sending Dirk only hashes. We set up a special server to process
them at high speeds. I'm probably sending about 100k hashes a day.
Very impressive.
/Per Jessen, Zürich
Maybe just a few words to close that discussion here:
Marc has sent me hashes generated from his spamtraps for quite some time
now, and he's a valuable source of input for me. He's definitly 'up
there', as he puts it, and I'm really grateful he's investing time and
resources as he did.
There's another volume contributor who's propably busy fixing broken
hardware, else he'd maybe come forward - he's a regular here.
I know of one other contributor who explicitly wants to keep his
involvment a secret. And that's why I've chosen to mention no-one in the
first place. If you don't like that - don't use my lists.
Another thing: You mention http://www.nixspam.org a.k.a
http://www.heise.de/ix/nixspam/. Just to be clear - that's a different
story and a different project. NiXspam is a procmail-based spam filter
that produces lists (i.e. text files) of IPs and fuzzy checksums to help
identify and block known spam sources or mails. Years ago manitu.net, a
German ISP, volunteered to publish this data via DNS. This data was the
initial impulse for me to write up this plugin (so I can use the hashes
from within SA), but otherwise the two projects are separate. I'm not
affiliated with Heise, and I don't provide input for their list.
Dirk
