From steve at holdenweb.com  Thu Sep  1 03:52:14 2005
From: steve at holdenweb.com (Steve Holden)
Date: Wed, 31 Aug 2005 20:52:14 -0500
Subject: [spambayes-dev] [Fwd: RE: SpamBayes wins PCW Editors Choice Award
	for anti-spam software.]
Message-ID: <43165ECE.7070101@holdenweb.com>

Tony Meyer <t-meyer at ihug.co.nz> wrote:
> 
>> While it may not adequately credit the implementation 
>> language,
> 
> Was this "it" the PCW article or SpamBayes?  If the latter, please let
> spambayes-dev at python.org know how you think Python should be more
> appropriately credited; we are certainly trying to do this.
> 
> (Python is mentioned all over the website, the "Python Powered" logo is
> integrated into what passes for a SpamBayes logo, and all donations to the
> project go to the PSF).
> 
> 
With a little more context:

> While it may not adequately credit the implementation language, a Google 
> search for "sourceforge spambayes" results in the first hit being linked 
> as """SpamBayes: Bayesian anti-spam classifier written in Python.""".

I was actually referring to the SpamBayes home page at

     http://spambayes.sourceforge.net/

which doesn't contain the word "Python" anywhere in its body text - 
though as I did point out, the title of the page *does*. Sorry about the 
lack of clarity.

I don't have any problem at all with the site, and I know that SpamBayes 
does actually reflect kudos on the Python language in many people's minds.

regards
  Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC             http://www.holdenweb.com/

From tameyer at ihug.co.nz  Thu Sep  1 04:06:17 2005
From: tameyer at ihug.co.nz (Tony Meyer)
Date: Thu, 1 Sep 2005 14:06:17 +1200
Subject: [spambayes-dev] [Fwd: RE: SpamBayes wins PCW Editors Choice
	Awardfor anti-spam software.]
In-Reply-To: <ECBA357DDED63B4995F5C1F5CBE5B1E803C74FB3@its-xchg4.massey.ac.nz>
Message-ID: <ECBA357DDED63B4995F5C1F5CBE5B1E801DB050C@its-xchg4.massey.ac.nz>

[...]
> I was actually referring to the SpamBayes home page at
> 
>      http://spambayes.sourceforge.net/
> 
> which doesn't contain the word "Python" anywhere in its body text - 

Does now :)  (I threw it in at an easy place; if anyone wants it done
differently, send a patch, or check it in ;)

=Tony.Meyer


From skip at pobox.com  Thu Sep  1 04:17:01 2005
From: skip at pobox.com (skip@pobox.com)
Date: Wed, 31 Aug 2005 21:17:01 -0500
Subject: [spambayes-dev] [Fwd: RE: SpamBayes wins PCW Editors Choice
 Award for anti-spam software.]
In-Reply-To: <43165ECE.7070101@holdenweb.com>
References: <43165ECE.7070101@holdenweb.com>
Message-ID: <17174.25757.887074.82191@montanaro.dyndns.org>


    Steve> I was actually referring to the SpamBayes home page at

    Steve>      http://spambayes.sourceforge.net/

    Steve> which doesn't contain the word "Python" anywhere in its body text
    Steve> -

I found it in the "How is SpamBayes different?" section.  Considering where
most of the questions about SpamBayes comes from (Outlook users who are
generally not programmers), that's fine with me.

Skip

From skip at pobox.com  Thu Sep  1 04:55:34 2005
From: skip at pobox.com (skip@pobox.com)
Date: Wed, 31 Aug 2005 21:55:34 -0500
Subject: [spambayes-dev] [Fwd: RE: SpamBayes wins PCW Editors Choice
 Award for anti-spam software.]
In-Reply-To: <17174.25757.887074.82191@montanaro.dyndns.org>
References: <43165ECE.7070101@holdenweb.com>
	<17174.25757.887074.82191@montanaro.dyndns.org>
Message-ID: <17174.28070.10543.113811@montanaro.dyndns.org>


    Steve> which doesn't contain the word "Python" anywhere in its body text

    Skip> I found it in the "How is SpamBayes different?" section.

I must apologize to Steve.  I forgot about Tony halfway 'round the world
ready to fix any problem with SB at a moment's notice.  He'd already updated
the page before I saw Steve's note.

Skip

From twhitehe at uwo.ca  Thu Sep  1 15:01:17 2005
From: twhitehe at uwo.ca (Tyson Whitehead)
Date: Thu, 1 Sep 2005 09:01:17 -0400
Subject: [spambayes-dev] Experience with Word Pairs
Message-ID: <200509010901.25056.twhitehe@uwo.ca>

A while back I noticed that the sentence structure in the random text spam 
(with picture advertising) is frequently bad.  I figured word pair statistics 
might pickup on this, so I enabled it (I get alot of this type of spam).  I 
seem to recall reading somewhere in the documentation that you guys wanted 
feedback from people trying out the classification of word pairs instead of 
just words.

I am now getting about 1/2 the amount of spam that I got without the word 
pairs.  That is, about 20-30 spam messages a week that are not classified as 
spam (either ham or unkown) compared to about 50-60.  All together, spam 
bayes cleans out about 300 spam messages a week from my box.

Nice piece of software guys!  My email had pretty much become unusable before 
I installed it.

Thanks again!  -T

PS:  On the subject of spam, I believe it would be a good idea to create a 
system that automaticaly replied to (and visits any links in) detected (and 
flagged) spam.

This would greatly decrease the economic feasability of spam.  Valid responses 
would be buried in piles of return spam.  Websites would be immediately 
DOSed.

The tricky bit would be making sure the system could not be manipulated to 
take out legitimate sites.

-- 
 Tyson Whitehead  (-twhitehe at uwo.ca -- WSC-)
 Computer Engineer                          Dept. of Applied Mathematics,
 Graduate Student- Applied Mathematics      University of Western Ontario,
 GnuPG Key ID# 0x8A2AB5D8                   London, Ontario, Canada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.python.org/pipermail/spambayes-dev/attachments/20050901/22f2c805/attachment.pgp

From sethg at GoodmanAssociates.com  Thu Sep  1 20:02:31 2005
From: sethg at GoodmanAssociates.com (Seth Goodman)
Date: Thu, 1 Sep 2005 13:02:31 -0500
Subject: [spambayes-dev] Experience with Word Pairs
In-Reply-To: <200509010901.25056.twhitehe@uwo.ca>
Message-ID: <MHEGIFHMACFNNIMMBACAAEDMKEAA.sethg@GoodmanAssociates.com>

> From: Tyson Whitehead
> Sent: Thursday, September 01, 2005 8:01 AM

<...>

> PS:  On the subject of spam, I believe it would be a good idea to
> create a system that automaticaly replied to (and visits any links
> in) detected (and flagged) spam.
>
> This would greatly decrease the economic feasability of spam.
> Valid responses would be buried in piles of return spam.  Websites
> would be immediately DOSed.
>
> The tricky bit would be making sure the system could not be
> manipulated to take out legitimate sites.

You've got the major problem identified.  Most return-paths in spam are
already forged.  It would be trivial for spammers to include buried
references to legitimate web sites to make retaliating against URL's listed
in spam self-defeating.  This is largely why this retaliation concept has
never gone very far.

At present, you can do an SPF check on the return path.  If the domain owner
has published a SPF record and the SPF result in PASS (as opposed to
neutral, softfail or unknown, and definitely not fail), you can then assume
that the return-path domain is validated.  At that point, you could fake a
DSN to the authenticated return-path, if your provider doesn't whack you for
masquerading as their MTA.  There is nothing stopping you from sending them
hate mail as a form letter, though.  In the absence of a definitive SPF
pass, you are pretty much stuck with no knowledge as to which addresses are
forged.  Abusing one innocent bystander would do more harm than any benefit
from using the resources of 100 spammers, so you have to be _very_ careful.

You should also be aware that network abuse, even for a good cause, still
violates the TOS of virtually every honest provider on the planet.  That
being said, if you receive a piece of spam with a URL that is listed in
SURBL, you are on rather solid ground to send a bot to that site and use
some of their bandwidth - lots of it.  Since they did sent you an invitation
to visit their site, you're just paying them the requested visit :)  Unless
they publish a site use policy that prohibits non-human visitors or limits
bandwidth, I suspect you would be on pretty defensible ground.  However,
IANAL!

If you want to get back at spammers, one excellent strategy is to start
implementing blacklists (DNSBL's) and reject messages at SMTP time.  You
would preferably do this at the start of the TCP connection, before they can
even issue any SMTP commands.  While I am a giant fan of SpamBayes, it is,
after all, a post-acceptance content filter.  The spammer knows that the
message has been accepted, and a small fraction of those will ultimately be
read.  OTOH, if the message is rejected during the SMTP session, they know
with surety that _no one_ will read that message.  The more immediate
rejections they experience, the less attractive spamming becomes as a
business.  Since blacklists are always a bit behind and spammers are highly
mobile, we will always need content filters.  However, the more messages we
can reject, instead of accepting and silently dropping, the weaker the
spammers business model becomes.

Another method for "fighting back" that has gained a following is the
tarpit.  This is an evolution of the earlier technique of "teergrubing".
Briefly, a tarpit is a process run on the recipient MTA that traps hostile
senders by decreasing the acceptable packet size to a ridiculously small
value, responding only after very long time delays and _always_ requesting
retransmissions.  It is the essence of passive-aggressive behavior.  Since
we don't want the TCP session to ever end, we don't need to keep track of
its state and it is therefore possible to tarpit an arbitrary number of
hostile senders with one single process at the recipient.  OTOH, each sender
has to keep an open socket and process going as long as they are stuck in
your tarpit, which is often for a few days.  Typical 'nix machines can
handle 15K or so processes before they are brought to their knees, and Win
boxes die before that.  If you tarpit a zombied Windows box, you are actuall
y doing the owner a favor.  When their box finally stops working, they _may_
call their local provider for assistance and figure out they have been
compromised.

There are a number of public domain implementations of tarpits if you want
to set up your own MTA.  They are written so it only takes a few percent of
a typical CPU to trap a few thousand hostile senders at a time.  Some of the
systems automatically populate their own list of IP's to tarpit based on
spam received, others rely on external blacklists.  The U.S. Dept. of
Defense became interested in this technique as a method of countering a
large-scale DDoS that might paralyze sections of the internet.  Their
analysis calculates the number of tarpits necessary to neutralize a
wide-scale TCP-based attack, and the number is surprisingly small.  They
are, as the U.S. Food and Drug Administration would say, "safe and effective
when used as directed".

--

Seth Goodman


From andrew.callaghan at xtra.co.nz  Thu Sep  8 11:27:08 2005
From: andrew.callaghan at xtra.co.nz (Andrew Callaghan)
Date: Thu, 8 Sep 2005 21:27:08 +1200
Subject: [spambayes-dev] Suggestion for next Sb version
Message-ID: <20050908092825.WAPN1516.sf1290-rme.xtra.co.nz@99w7a6raln>

Hi Guys , great product.
 
Cleans out all the spam my ISP doesn't catch in their filters. Which leads
me to my suggestion. My ISP , xtra.co.nz has brightmail filtering enabled.
You can forward spam to them which is added to the brightmail system.
Unfortunatly I cant find a way to automate this in outlook2003. You cant do
it in rules because you would have  conflicting rules about moving mail and
forwarding at the same time. Could you put an option in to automatically
forward spam to another address?
 
Regards
 
Andy Callaghan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/spambayes-dev/attachments/20050908/541361e6/attachment.htm

From tameyer at ihug.co.nz  Fri Sep  9 04:04:40 2005
From: tameyer at ihug.co.nz (Tony Meyer)
Date: Fri, 9 Sep 2005 14:04:40 +1200
Subject: [spambayes-dev] Suggestion for next Sb version
In-Reply-To: <ECBA357DDED63B4995F5C1F5CBE5B1E803DBA5F6@its-xchg4.massey.ac.nz>
Message-ID: <ECBA357DDED63B4995F5C1F5CBE5B1E803DC79D0@its-xchg4.massey.ac.nz>

> You cant do it in rules because you would have conflicting rules
> about moving mail and forwarding at the same time. Could you put
> an option in to automatically forward spam to another address?

The best place for feature requests is on sourceforge:
<http://sf.net/projects/spambayes> (requests can easily get lost on the
lists, but the tracker stays there until someone deals with it).

If you are willing to do this in a batch mode then it would be easy enough
to create a rule that forwarded all messages, then you could periodically
run this on the spam folder.  If Outlook let you attach rules to folders,
then it could do this automatically, but AFAICT you can only attach rules to
public folders, IMAP inboxes, and the place you've chosen to dump all POP3
mail (with Outlook 2002, anyway).

=Tony.Meyer


From service at paypaI.com  Mon Sep 26 13:35:03 2005
From: service at paypaI.com (service@ paypal.com)
Date: Mon, 26 Sep 2005 07:35:03 -0400 (EDT)
Subject: [spambayes-dev] E-Mail ID #319042 PayPal Security Notification of
	Limited Account Access [24 Sep 2005 15:36:12 +0400]
Message-ID: <200509261135.j8QBZ3jK049801@newsbuilding.com>

An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/spambayes-dev/attachments/20050926/e7901e4d/attachment.htm

From bedcedric at nyo.coudert.com  Mon Sep 26 15:51:36 2005
From: bedcedric at nyo.coudert.com (Cedric Bedwell)
Date: Mon, 26 Sep 2005 08:51:36 -0500
Subject: [spambayes-dev] Worth Three Times the Cost Pharrmacfy
Message-ID: <694440.CPAVGYLLTCS@Padishah>

CiaLevCelXanProUltMerValViaAmb
lisitraebrexaxpeciaramidiaiumgraien
1.21  3.753.33 
http://www.glascordial.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/spambayes-dev/attachments/20050926/8dd4e056/attachment.html

From mike at horrocky.com  Wed Sep 28 23:46:39 2005
From: mike at horrocky.com (Mike and Lynn Horrocks)
Date: Wed, 28 Sep 2005 22:46:39 +0100
Subject: [spambayes-dev] 2 Types of Spam
Message-ID: <NKEMIEKKAOOABPKDMBMJKEEACIAA.mike@horrocky.com>

One feature that seems to be missing from Spambayes  - and other spam
checkers is the ability to distinguish & then sort unwanted spam from wanted
spam. Unwanted being the stuff I know I never want to look at eg Viagra
adverts, Cheap USA mortgage offers,  Nigerian business opportunities etc
etc. Wanted spam is the stuff I do check from time to time eg Lastminute.com
offers, Misco catalogues etc.

Any chance of offering such a facility. It would seem that you have all the
basic tools to make it happen.

Mike

Phone (Home): 01670 715719
Phone (Mobile): 0789 115 3817
E-Mail: mike at horrocky.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/spambayes-dev/attachments/20050928/b99a3abf/attachment.html

From DConstan at momsys.com  Thu Sep 29 15:20:01 2005
From: DConstan at momsys.com (Dennis Constan)
Date: Thu, 29 Sep 2005 09:20:01 -0400
Subject: [spambayes-dev] Updating SpamBeyes
Message-ID: <E8691D62556B8649A535F0CCC9E9EBC401218FCA@msg-server-1.momsys.com>

I want to download the latest version.  I receive a list of "mirrors" to
choose from.  What does this mean?  When I do download a version (US), a
pop up reveals there is no digital signature.  

I am not sure what I should do at this point.

Do I need to delete the previous version and install the latest version?

Also, when I log onto my PC in the morning, the spam does not
automatically move the emails to the appropriate folder automatically.
I have to perform this activity manually.  Any suggestions?

Dennis Constan
Sales Manager
856-727-0777
http://www.momsys.com/
 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/spambayes-dev/attachments/20050929/f11be3e3/attachment.htm