dealing with email from "Mydoom" worm
fred at ontosys.com
Tue Jan 27 14:46:16 EST 2004
I'm wondering how others are dealing with the onslaught of e-mail from
the "Mydoom" worm. A bunch of the messages got through my bogofilter
instance this morning as both "No" (ham/false-negative) and "Unsure".
I trained on those messages as spam and now not much is getting
through as "No" but quite a bit still gets classified as "Unsure".
I'm continuing to train on those, as usual.
But something feels wrong about using bogofilter to process
worm-generated email as akin to spam. I'm concerned that the "Mydoom"
triggered messages are a bit too close to real non-spam messages for
comfort. (On the other hand, I get so many bounce messages as a
result of spammer's forging "from" headers with my domain names, that
I'm mostly ignoring such messages anyway.)
More information about the Bogofilter