Spam Filter ISP Support Forum


How are u guys blocking these?

kfries
Posted: 18 December 2006 at 5:42pm
I get lots of these types of emails, never coming from the same IP.  What are you guys doing to stop these?  They are always changing as far as the text / info contained within them.  Below is an example:


Subject: Brittany

The hottest pick this year!

It just doesn't get any better than this.  Booming sector, tightly held, with an incredible PR blitz starting up.  Not only that, but the company is set to release some smashing news.

Physicians Adult Daycare, Inc.

Symbol: PHYA
Current Price: $1.90 (+18% Friday!)
Short-Term Projected Price: $4.25
Long-Term Target Price: $10.20

As the population ages, the economic value in the US market for adult daycare is projected to grow nearly 600%.  Globally the potential market is a staggering $45 billion.

PHYA is already hitting it big in the sector.  With solid acquisitions, expert management, and a red hot sector, PHYA is looking at record earnings.

Check your favorite news source.  Check your Level 2 market data.  You will see that this one is set for an explosion.

With the huge publicity that is on the way THIS is where you want to be.

Make sure you get in early on December, 18th.  Win big with PHYA!




__M__
Posted: 19 December 2006 at 6:25am
Keywords Filtering is your friend.

Spend some time finding common phrases and you'll make a world of difference to your spam filtering. We now catch the above email (or variations of it) daily.


WebGuyz
Posted: 19 December 2006 at 10:17am

I'm going to drag out my favorite dead horse and beat him some more.

If we had a SpamAssassin addon for SF there would not be a need to constantly keep writing keyword filters. SA is constantly being updated and can be extended. We use it as a filter after SF and are amazed at how much stuff it catches, including the amount of image spam. What's frustrating is that there is no way to have SF learn about this spam so it can update its bayes engine and start catching it first. That's the only item missing from making SF and SFE the cat's meow.

http://www.webguyz.net
mikek
Posted: 19 December 2006 at 10:37am
I would love to see Spamassassin for SF as well...

WebGuyz: Are you using SA on Windows? If yes, could you provide some more details about your set-up?
WebGuyz
Posted: 19 December 2006 at 11:09am

I am using a copy of Alt-N MDaemon v8 that we already had and sending all SF output to it. The MDaemon just does SA and acts as a gateway to our mail servers. I have a content filter that checks to see if an entry was whitelisted by SF and if so just sends it on its way, otherwise I have SA check it. I have certain rules for different weights that either throw it away or, if it's borderline, put it in a folder in MDaemon and have a human being (me) check it once an hour. When I check that folder I have the option of putting that email in different folders and I have created ASP scripts to process what's in those folders every five minutes.

I have a SURBL folder and anything in that folder is looked at with a script to find a valid URL and I add that to my private SURBL engine we run.

I have a whitelist folder and any email put in there has an ASP script that extracts the from and to addresses and creates an entry in SF's autowhitelistdelivery.txt file and also sends the mail on its way.

I have ham and spam folders that help SA tune its bayes engine and that runs nightly.

Just by moving these borderline emails to different IMAP folders I can manage the spam.

One other thing I forgot to mention is we scan the outgoing mail log and we create autowhitelistdelivery.txt entries so that cuts down on false positives as well.

All in all it's pretty complicated but I hate spam and my 5000+ customers get so few spams that they are surprised when they do get one.

There is no perfect (Windows based) spam system out there and I have tried them all, but have noticed that ALL of them have the ability to use SA (except SF).

http://www.webguyz.net
caratking
Posted: 19 December 2006 at 8:54pm
Those messages are certainly annoying, and the fact that they kept coming through was even more annoying.

We stopped them with one simple RegEX filter, and they are no longer an issue.  However, not everyone is able to do RegEX.

A system to inform Spam Filter if an email is incorrectly let through would certainly be nice.  One option would be to write something that updates the corpus (sp?) database directly.

It does seem strange though...  Just some rough numbers...

If there are 100,000 of these pump-and-dump stock spams (non-image-based ones), SOME of these will be stopped by the other filters.  When a message is stopped, it should be updating the bayesian filters.  So, it should be learning that these pump-and-dump messages are spam anyway.

The regex did it for us though (does not work in the image ones though).
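
An added illustration of the kind of filter discussed above, not caratking's regex (which the thread does not show) and not part of any post: instead of fixed phrases it scores structural cues such as a ticker line and price targets, which survive when the wording changes. The patterns, weights, threshold and sample messages are assumptions constructed for this example; it reads text bodies only and does nothing for image spam.

```python
import re

# Structural cues of a stock-touting message. Patterns, weights and the
# threshold are assumptions made for this example, not rules from the thread.
RULES = [
    ("ticker_line", 2.0, re.compile(
        r"^\s*(?:symbol|ticker)\s*:\s*[A-Z]{3,5}\b", re.I | re.M)),
    ("price_now", 1.5, re.compile(
        r"\b(?:current|recent)\s+price\s*:?\s*\$?\s*\d+(?:\.\d+)?", re.I)),
    ("price_target", 2.0, re.compile(
        r"\b(?:short|long)[\s-]*term\s+(?:projected|target)\s+price\s*:?\s*\$?\s*\d",
        re.I)),
    ("pct_gain", 1.0, re.compile(r"\+\s*\d{1,4}\s*%")),
    ("hype", 1.0, re.compile(
        r"\b(?:hottest\s+pick|get\s+in\s+early|win\s+big|pr\s+blitz)\b", re.I)),
]
THRESHOLD = 4.0

def score(body):
    """Return (total, names of rules that fired); each rule counts once."""
    hits = [(name, w) for name, w, rx in RULES if rx.search(body)]
    return sum(w for _, w in hits), [name for name, _ in hits]

def is_stock_spam(body):
    """True when the combined weight of the cues reaches the threshold."""
    return score(body)[0] >= THRESHOLD

# Constructed samples (placeholder company and ticker).
SPAM = """The hottest pick this year!
Example Holdings, Inc.
Symbol: XMPL
Current Price:          $1.90 (+18% Friday!)
Short-Term Projected Price:  $4.25
Make sure you get in
early. Win big with XMPL!
"""
# Same pitch with none of the hype phrases and different labels.
REWORDED = "Ticker: XMPL\nRecent price $2.10\nLong term target price: $9\n"
# Legitimate mail that happens to quote a price: one cue only.
HAM = "Hi Sam, current price: $19.00 per seat, up 5% on last year.\n"

if __name__ == "__main__":
    for label, text in (("spam", SPAM), ("reworded", REWORDED), ("ham", HAM)):
        print(label, score(text), is_stock_spam(text))
```
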
mikek
Posted: 20 December 2006 at 2:28am
Could you PM me this particular RegEx? I'm very interested in stopping this kind of spam as well...

mike dot kellenberger [at] escapenet.ch

Thanks!
ImInAfrica
Posted: 20 December 2006 at 6:14am

Webguyz - regarding your SpamAssassin setup:

How many domains and what email volume are you running on SFI?

We moved over from a *nix solution which included SA, because it kept on dying on us. We'd get thousands of messages which would delay for over 24 hours. Of course our clients were not impressed.

In our environment, it's not feasible to check spam folders. The other day I looked at a client's spam folder (we have to forward all messages to the client, but spam is kept in a different folder on the mail server), and over a period of 4 weeks there were over 100,000 (one hundred thousand) spam emails there :(.

Since we've started using SFI we don't experience the mail delay problems, and I'm afraid to put in SA and start having these problems again. We run multiple (read: a couple hundred) domains on SFI, which are routed to various mail servers. But I would love to make use of SA as an added filter.

Thanks.

WebGuyz
Posted: 20 December 2006 at 5:39pm

ImInAfrica,

  For a high volume site like yours what I do is probably too hands on. Another member here, kspare, told me about their setup which might work for you.

   ---> SF1 ---> SA ---> SF2

It involves 2 instances of SF and whatever filter system (SA, or whatever) you want to incorporate.

The first SF gets the initial email and does primary spam filtering and then forwards all email to the middle device (let's say it's SA), and there SA will tag spam (not drop it) that scores very high with some special tag you designate and then sends it to the second SF. The second SF instance sees that special tag and a filter adds it to the quarantine db.

The upside is that there is not a lot of handling of the SA stuff by you or your personnel, but users do have to check their quarantine often.

The downside is that the 2 SF instances don't share common knowledge (like in bayes) so there is no learning going on. All you've done is quarantine, but every time that mail comes thru it won't be stopped at the first SF. No matter what you do it's a kludge and nothing will replace having it built in to SF and SFE.

Now if EVERYONE told Roberto how they feel about SA being included it might happen someday because LogSat does listen to their customers, but the customers must let LogSat know what features they need.

Happy Holidays!

http://www.webguyz.net
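
An added sketch of the hand-off described in the two WebGuyz posts above (whitelisted mail bypasses SA; everything else is routed on the SA result), not code from the thread or from LogSat. It assumes SA's standard X-Spam-Status header is the tag, and the thresholds, addresses and sample messages are constructed for the example.

```python
import re
from email import message_from_string

# Score cut-offs are assumptions for this example; tune them on your own mail.
DISCARD_AT = 15.0     # far above SA's threshold: throw away
QUARANTINE_AT = 5.0   # borderline: hold for a human or the quarantine db

# SpamAssassin 3.x writes "score=", 2.x wrote "hits=".
STATUS_RE = re.compile(r"^(?:Yes|No)\s*,\s*(?:score|hits)=(-?\d+(?:\.\d+)?)", re.I)

def route(raw_message, env_from, env_to, whitelist):
    """Return 'deliver', 'quarantine' or 'discard' for mail leaving the SA hop."""
    # Sender/recipient pairs already whitelisted by the first filter pass through.
    if (env_from.lower(), env_to.lower()) in whitelist:
        return "deliver"
    tags = message_from_string(raw_message).get_all("X-Spam-Status", [])
    # No tag means the message skipped SA; two tags means one was not written
    # by our SA hop. Either way, fail closed instead of delivering.
    if len(tags) != 1:
        return "quarantine"
    m = STATUS_RE.match(" ".join(tags[0].split()))  # unfold a wrapped header
    if m is None:
        return "quarantine"
    score = float(m.group(1))
    if score >= DISCARD_AT:
        return "discard"
    return "quarantine" if score >= QUARANTINE_AT else "deliver"

def sample_msg(status_values):
    """Build a constructed message carrying the given X-Spam-Status headers."""
    head = "From: a@example.net\nTo: b@example.org\nSubject: test\n"
    tags = "".join(f"X-Spam-Status: {s}\n" for s in status_values)
    return head + tags + "\nbody\n"

# Constructed inputs.
WHITELIST = {("partner@example.net", "b@example.org")}
HIGH = sample_msg(["Yes, score=18.4 required=5.0\n\ttests=BAYES_99 version=3.1.7"])
BORDER = sample_msg(["Yes, score=6.1 required=5.0"])
CLEAN = sample_msg(["No, score=0.3 required=5.0"])
UNTAGGED = sample_msg([])
FORGED = sample_msg(["No, score=0.0 required=5.0", "Yes, score=18.4 required=5.0"])

if __name__ == "__main__":
    for name in ("HIGH", "BORDER", "CLEAN", "UNTAGGED", "FORGED"):
        print(name, route(globals()[name], "a@example.net", "b@example.org", WHITELIST))
```
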
lyndonje
Posted: 21 December 2006 at 4:55am

Hi Roberto,

What is the likelihood of a SA addin being made available for SFI? I'm seeing a lot of this spam also and can't seem to be able to get my head round RegEx, despite reading over and over the examples etc.

Regards,

Lyndon

LogSat
Posted: 21 December 2006 at 8:16pm
Ok, this is not fair... you are all teaming up together... this is a bad sign for us as it will probably mean more work for us in the near future to add features...

no promises on SA, but we'll see what happens after we release SpamFilter Enterprise...
Roberto Franceschetti

LogSat Software

Spam Filter ISP
caratking
Posted: 21 December 2006 at 8:49pm
Roberto,

You're looking at this from the wrong perspective.

If you are able to permit the use of SA, as an optional plugin to help increase the power of SF (perhaps only as an option on the Enterprise edition) it is actually reducing your workload.

If for example, SA has better methods of detecting image spam you would not have to increase the technology directly in SF by letting SA do the work for you.

I don't know anything about SA, if it is free or what but any additional tool that can be implemented or added is a great benefit.

If you as the developer can plugin SA technology without having to re-invent the technology yourself, all the better.
caratking
Posted: 21 December 2006 at 9:26pm
With all the chatter on here about SpamAssassin, I thought I would check out what cool features it has that Spam Filter does not have.

I was especially looking for SpamAssassin's ability to deal with image spam - as I believe that is the next major hurdle in SPAM detection.

I did not actually find any documentation about how it deals with image spam, if someone can post a link to this information I would like to read about it.

Obviously most of the features SpamAssassin has, Spam Filter already has.  A couple of nice things I did see were:

- Auto-Whitelist - based on spam scores over time of a sender
- Hash-based Network Tests, which compare fingerprints for received messages against shared lists of previously-seen spam messages

The auto-whitelist seems like the largest benefit at reducing false positives, should an email conversation start looking like SPAM but most of the time is 'normal'.

To those that have rigged up some system to get SpamAssassin into their SPAM fighting mix, could you please share with the rest of us what SpamAssassin does better than Spam Filter?

It does seem a little strange to me to be pushing the development of SpamFilter to include SpamAssassin into SF if 99% of the features are the same.

If Roberto knows what users on here find SpamAssassin better at, or a must have feature of SpamAssassin, perhaps SF can be improved in those limited areas.

Thanks!


Edited by caratking