First Alert report blacklisted junk automacticly..

rfharbin · Guest

All mail that is on my blacklist or that is filtered I have to click the check-box to report it. This is at least fifty or sixty e-mails a day. May I suggest that you add a function to have any mail that is blacklisted or filtered automatically put a check-mark in the report box, or at least a button at the bottom that will do this when I am ready to do so.

stan_qaz · Posted: Fri Jan 16, 2004 4:35 pm Post subject:

That is not going to happen, check your instructions again, they require each e-mail be individually reviewed prior to being submitted to the first alert system.

Folks have been submitting non-spam e-mails and messing up the system already, removing the manual review would make that worse.

For more info search here on the author boo and the subject First Alert.

AbdLomax · Private Joined: Mar 10, 2004 Posts: 35 Location: USA

I've been looking through old posts on this forum and making a few comments. Here is another:

The name of First Alert implies something about how it works or should work. When it is working well, it will quickly identify spam and add the spam signature to the database. In such an environment, repetitive reports are useless. I.e., once mail is tagged by First Alert, reporting it will just add to the mail burden. (It shouldn't add to the aeministrative load, since presumably reports going to admin will be prefiltered to remove already-tagged spam reports.)

Mail that is being locally tagged by a blacklist or locally-created filter is almost by definition not new spam. More worrisome, if, as Mailwasher makes quite easy, it may even be the default, mail is being tagged by SpamCop, which has a low but persistent false positive rate, automatic reporting of such mail to First Alert will add to the administrative burden and increase the risk of a false indentification ending up on the First Alert list, which would be a serious failure.

So it is essential in the First Alert system, as was said, that a reporter have looked at the actual mail sufficiently to clearly and unmistakeably identify it as spam. Sometimes this only requires looking at the Subject line: "Impress your girlfriend!" Sometimes it may be necessary to look at the mail content: "Order information." Mailwasher Pro now makes all this really easy and fast.

Local sender blacklists, by the way, are being greatly over-used. They are quite ineffectual in identifying spam, and have a growing false positive rate as spammers increasingly spoof From headers, plus the all-too-common practice of adding SpamCop tagged mail senders to a local blacklist.

tbenton · Cadet Joined: Oct 30, 2003 Posts: 7 Location: USA

I have had Mailwasher for a long time and First Alert since the trial began. I follow the instructions but seems I am getting more and more spam. MW and FA are wonderful for not getting the spam into my downloaded email but it takes so long to go thru the list delete/bounce/report,etc and longer every day. My filters do not seem to work at all either no matter how hard I try or how I configure them. Bottom line is that nothing seems to be helping the spam onslaught. I am wondering whether to pay for F Alert as it seems that the database of spammers grows too fast for anything to keep up with it. They are smarter than I ever thought they could be and it makes me winch, scream, moan and cuss. I have NEVER been to any web sites (not even by accident) to elicit all the penis enlargement and porn spam. No one uses my PC but me and I am always amazed at how they find me except that I get lots of it that is multiaddressed to many on my high speed cable ISP.

I also have everything checked to blacklist, delete,bounce AND hide but it never hides anything but my friends list....whats up with that?? Jedi Brawl

Any words of wisdom or comfort?

Terri

stan_qaz · Posted: Wed Mar 17, 2004 11:28 pm Post subject:

stan_qaz · Posted: Wed Mar 17, 2004 11:35 pm Post subject:

Try this, first give up on the blacklist and quit bouncing. They aren't worth the effort.

Keep FA as it keeps getting better as they go along and learn more about running it.

Look at some of the filters proposed here, Denn has a couple good ones as does Gary, a half dozen of these should catch 90 percent of your spam.

If you have a good friends list turn on the source of spam tool and select spamcop.net.

I don't hide stuff so maybe someone else has a suggestion there.

Ikeb · Posted: Thu Mar 18, 2004 12:59 am Post subject:

tbenton · Cadet Joined: Oct 30, 2003 Posts: 7 Location: USA

Thanks so much for all the great replies/suggestions. I think I need to get some some filters installed.

One question to ABDLomax....how do I know which spam signatures I have already reported to avoid repetition?

Bottom line is that my spam email list in MW keeps growing and growing no matter what I do or what First Alert does. Its driving me MAD. Evil or Very Mad

Terri

stan_qaz · Posted: Thu Mar 18, 2004 8:01 pm Post subject:

Keep reporting all the spam that FA until it gets listed, the more they get the better they can figure out what changes they need to make.

Go with the filters, put a bunch (less than 10 to start) in and let them run. Keep an eye on them and rearrange them to suit yourself. The only way to evaluate a filter is to put it first in the list for a week and see how it performs, that is because the second and following filters don't get a shot at all the incoming spam and their hit rate suffers.

AbdLomax · Private Joined: Mar 10, 2004 Posts: 35 Location: USA

stan_qaz · Posted: Thu Mar 18, 2004 9:14 pm Post subject:

There is no such thing as a "FirstAlert filter" that isn't how the system works.

You got the two tasks you mentioned for FA right but there are a bunch of others that need to be done as well, if you are interested I posted on some of them as have others.

If you don't have administrators you have another spamcop type service with a false positive problem. Not what most FA users want.

Ikeb · Posted: Fri Mar 19, 2004 12:40 am Post subject:

Stan I don't think Abd's suggestion does away with Adminstrators. It just allows them to focus on the "intervention required" situations. So what if the administrator doesn't see a SPAM already reported by two accredited reporters.

True I don't understand what he's on about WRT FA! filters, perhaps you mean "filter which is good enough to autoreport to FA!" Abd?

I like the idea of having an official user credential although I can't see any clear distinction from similar suggestions you've already made Stan. Abd, perhaps it would be useful if you reviewed previous suggestions regarding user accreditation as a means of clarifying how your idea enhances or shifts the basic concept.

The idea of trusting users to become administrators is definitely novel and really intrigues me. This concept would clearly allow FA! to scale as required. And it would allow 24x365 operation of FA!, the lack of which has been noted during Kiwi holidays. Wink

AbdLomax · Private Joined: Mar 10, 2004 Posts: 35 Location: USA

Thanks, Ikester. Maybe I don't understand how First Alert works. This is what I thought. When a piece of spam that is not already tagged by First Alert is found and confirmed, a filter is created; that is, a signature is prepared which theoretically will identify the spam even if substantially modified. This signature/filter, whatever you call it, allows the spam to be identified, tagged. Whether the filter is sent to the user or the filter operates on the FA site I don't know; as far as processing power is concerned, it would theoretically be more powerful if the filter is running on the user computer.

My point was that if an automatic filter ("spam identifying tool") was good enough to allow its use for automatic reporting of spam, the filter could simply be one of a collection of filters that would comprise the First Alert spam-tagging system. So First Alert administration should not allow user reporting of spam based on a user-written local filter. However, it might accept submissions of user-written filters, which it could test against large mail traffic to determine the false positive level.

First Alert doesn't call their spam tagging technology a "filter." But it is nevertheless, as I read about it, a collection of filters that are maintained and which grow as new spam is identified.

This is the situation: there are many more users than spammers. By harnessing the user base in a way that places a very small burden on each user, spam can be overwhelmed. Trying to do it through a small company without effective harnessing of user power is not likely to work, there are too many spammers and they have too many resources (more than the resources of a small company, not more than the resources of the users).

If you look at it from a financial point of view, FA has proposed, if I'm correct, a user fee of something like $7 per year. If the average user's labor is worth $7 per hour (it ought to be worth quite a bit more than that!), $7 per year is 2 cents per day, or roughly a minute per day. Would I put more than a minute per day into fighting spam if I though it would be effective? Of course I would! There are SpamCop users who spend hours a day copying and pasting headers....

*Harness that energy.*

stan_qaz · Posted: Sun Mar 21, 2004 12:14 am Post subject:

Ikeb, Spamcop.net requires several reports from users before an address is tagged as a spam source and it still gets bunches of false positives. False positives on addresses that is which is different than false positives on e-mails which is another matter entirely.

Abd, You are completely confused on the first alert operation. A digital fingerprint is prepared by the FA portion of the mailwasher program and sent to firetrust when an e-mail arrives. That digital fingerprint is compared to other fingerprints in the FA database and if it matches closely enough you get a response back indicating it is a known spam. No filter is ever created either on your system or in the FA database.

Ikeb · Posted: Sun Mar 21, 2004 12:45 am Post subject:


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 769 pages served in previous 5 minutes. Page Rendered: 0.690 seconds.