[SpamCop.net - protecting the internet through technology]

[SpamCop-List] Re: Where's the spam gone ?

Philippe Verdy (n.o-s.p.a.m+abuse) verdy_p at wanadoo.fr
Tue Dec 13 13:08:54 EST 2005


"Bill Beyer" <bill_beyer at excite.cXoYmZ> wrote in message news:
dnkbpn$874$1 at news.spamcop.net...
>
> "Fred K." <96q7vwa02 at sneakemail.com> wrote in message
> news:dnii9i$9jh$1 at news.spamcop.net...
>>
>> "KD" <munged at nomorespamithurts.com> wrote in message
>> news:dni6r4$3hb$1 at news.spamcop.net...
>> > Hi all,
>> > Obviously I'm being a bit thick here but my usual 'spam load' of 50+
>> > per day
>>
>> If your ISP has initiated spam filtering, you should see the filtered spam
>> on their server in a spam folder. Spam filters do give false positives,
>> and they should wind up in the spam box on their server. You have to be
>> able to check the email they classified as spam. Otherwise you could lose
>> email that they declare as spam when it really is something from
>> somebody that you don't want to miss. Not being able to see the
>> email they classify as spam is a bad thing.
>
> This is an interesting thread. I was actually going to post a query about
> the effectiveness/relevance of blacklists. I have 2 main email addresses
> on different providers. 1 uses the SCBL and the other uses Brightmail. On
> both accounts I have seen a significant increase in spam emails which make
> it past both filters. Clearly some spammers are finding effective ways to
> get past the listings by hopping IPs.
>
> I have no way on either account to check the mail that gets blocked. It
> goes away and I don't ever see it.

My ISP has a subscription option for its antispam, but does not publish 
which RBL list it uses. It may have a positive effect if spammers can't test 
their campaign against known lists. Maybe it uses its own list of known 
spams and spammers, based on the reported emails marked by its users using 
"this is spam", and from various secret honey pots that silently monitor 
incoming spams (trying to reach an address which has been initially 
advertised in some "don't reply" messages posted to some newsgroups that are 
known to be used by spammers. Or by subscribing and immediately subscribing 
to known unsafe lists.)

Well, its detection rate is very high, and it puts the spams in an 
"undesirable" folder, which can be cleaned automatically after 1 week or 
left for analysis by the mailbox owner. I sometimes look at this folder, 
only once or twice a week, to verify the content it has filtered, or when I 
still can't see an email that I am expecting. I have still not seen any 
false positive in the several months I have used it (and this filter collects 
about 150 to 250 spams each day per email address), so now I don't have to 
report them (instead I now concentrate on reporting only the few spams that 
can still pass through the filter). So the detection rate is about 98% with 0% 
false positive. This really saved me a lot of time, much more than when I was 
using a single RBL list, and with much less false positives than with SCBL 
alone.

(Note that I don't count virus messages as spams, because my ISP also 
includes a separate option for filtering viruses silently; although I also 
have my own local antivirus installed, it saves lots of space in my mailbox, 
and I don't need to report them or care about them). The occurrence of viruses 
reaching my mailbox without being detected by the ISP is extremely small. 
When this occurs, this is most often not detected by my local antivirus 
installation, but they are still easy to identify as small compressed 
attachments from random sources and subject lines with no meaning for me. 
There's no reason for me to even open and read the message and not even its 
attachment, so I silently drop them. This generally occurs for a very short 
time, for new virus variants. In more than 8 months since I subscribed to this 
option, my local antivirus has quarantined automatically only 3 viral 
attachments, for some new SOBIG variants).

In a few weeks, with the new EUDC-related law, my ISP will be able to create 
comparable fingerprints of all emails coming to or going from its email 
servers, meaning that it should be able to autodetect spams based on 
content, statistics, location of the mailing lists and identification of the 
sender, all that automatically even without needing any user report (note 
that the law will require my ISP to extend its usage logging from 2 months 
to 2 years, that's a bad thing in my opinion for privacy, because these logs 
will be shareable across ISPs and private security agencies, including some 
with weak behavior and questionable commercial practices).



