John Tice wrote:
I am seeing (past 4-5 days) more spam generally slipping under my scoring
settings, but in particular ED image spam with the word '' spelled correctly in
the sender and/or subject headers. I have settings for tagging and auto discard
with a 15 point spread, and this kind of stuff used to score well above the
discard threshold. These appear to be sent from the same spammer using various
options as if testing and are finding weaknesses. So I'm wondering if something
fundamental has changed within SA or my installation, or if I just need to
tweak things a bit and wait for the spammer's adjustments to be absorbed by
future updates? Seriously- when they're sending image spam with the drug
spelled out in the headers shouldn't they be scoring about a hundred?

except that SA isn't a content filter, and good thing, or your email
would have been blocked.
misspelling the stuff would most likely trigger more rules than correct
spelling, and, your own Bayesian tests might be proving that.
(if correctly spelled spam was learned as spam, Bayesian will score it
higher at your site)
if you don't want stuff with 'that word' in it, write a rule.

Thanks,
John -not sophisticated, but getting by :)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
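
Added example, not part of the original message or of SpamAssassin's shipped rules: one way to write the local rule suggested in the reply, matching the word in the sender name or subject and scoring higher when the message also carries an image part. `WORD` is a placeholder (the thread elides the actual term), and the rule names and scores are constructed for illustration.

```conf
# local.cf fragment (added example; rule names and scores are assumptions)
# WORD is a placeholder for the term the thread elides.

# Sub-rules: a leading double underscore means no score of their own.
header     __LOCAL_WORD_SUBJ   Subject =~ /\bWORD\b/i
header     __LOCAL_WORD_FROM   From:name =~ /\bWORD\b/i

# Any MIME part declared as an image (needs the MIMEHeader plugin).
mimeheader __LOCAL_IMG_PART    Content-Type =~ /^image\//i

# Word in the sender name or the subject: modest score on its own,
# since legitimate mail (like this thread) can contain it too.
meta       LOCAL_WORD_HDR      (__LOCAL_WORD_SUBJ || __LOCAL_WORD_FROM)
describe   LOCAL_WORD_HDR      Local: listed word in From name or Subject
score      LOCAL_WORD_HDR      2.0

# Same word plus an image attachment: adds to the score above.
meta       LOCAL_WORD_IMG      (LOCAL_WORD_HDR && __LOCAL_IMG_PART)
describe   LOCAL_WORD_IMG      Local: listed word in headers and image part
score      LOCAL_WORD_IMG      3.0
```

Run `spamassassin --lint` after editing local.cf to catch syntax errors, and set the scores relative to your own tag and discard thresholds.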