Hi, I'm getting hammered by snowshoe spam :-( I've added rules to try to catch common formats of included URLs in the spam, but I'm wary of scoring these rules too high because of the potential for false positives. It's hard to come up with other rules as the spam e-mail content is so generic. By default these spams score incredibly low (bayes, etc.) In many cases, the low bayes values are scoring negative, which completely offsets the few positive scoring rules that I have added.
Are there other RBLs or domain checks or something that could be used to possibly get more indication that a spam is a snowshoe spam from a "bogus" domain? I've also added a meta rule that combines URIBL_BLACK, DCC_CHECK, and my rules...but spam still gets by many times because it scores so low/negative otherwise. Maybe I just need to score everything higher...? Any thoughts/advice are appreciated :-) -- View this message in context: http://www.nabble.com/please-help%2C-getting-hammered-with-snowshoe-spam-tp21627042p21627042.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
