info about spam messages
Tom Anderson
tanderso at oac-design.com
Fri Jun 18 00:00:42 CEST 2004
From: "Tom Allison" <tallison at tacocat.net>
> I should think that the generalization of tokenizing the domain.com
> seperate from the username would by similar to your experiences with
> tokenizing the ASN as a generalized group representation of the IP
> addresses.
>
> For example, everyone from AOL is pretty much a criminal in my records,
> with the exception of one address. That address is slowly gaining
> enough ground over time that they are no longer Spam, but Unsure.
friend at aol.com, spammer at aol.com, friend at msn.com, spammer at msn.com
#1 and #4 above are people you know and love, #2 and #3 above are spammers.
How can you tell the difference? It's like the difference between Tom in
Seattle and Tom in Denver... neither the name Tom, nor the cities of Seattle
or Denver tell me much about the individual alone, but together (assuming I
only know one Tom in each of those cities, and let's say I also know a Jane)
is fairly descriptive. While it is true that aol.com and msn.com may in
fact be useful on their own, just as maybe Seattle and Denver might (or
Nigeria and China, to be more realistic about ASNs that are very
meaningful), I'd prefer to have both the specific and the general cases
available to score on. This is the case with IPs and ASNs when I look them
up with spamitarium. I use both. Right now, we don't get the specific case
with bogofilter for email addresses, just the generals, broken up.
Tom
More information about the Bogofilter
mailing list