RE: Spam Screening Tips - IP Addresses in HTML spam as Keywords
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 11 Dec 2002 17:29:55 -0600
Hi Edward,
Ha! We're probably getting the same spam :-) I'll try the IP addresses
in the spam itself and see if I can catch even more. I don't believe
there's anything public that allows you to bring the list into the
filter, although hopefully we'll be able to find out soon where those
entries are stored in the registry and maybe we can just import that
key. Wouldn't that be nice?!
My list was exported from MailEssentials -- which has a built-in import
export tool :-)
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
http://tinyurl.com/1jq1
http://tinyurl.com/1llp
-----Original Message-----
From: Edward Sullivan [mailto:esullivan@xxxxxxx]
Sent: Wednesday, December 11, 2002 11:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Spam Screening Tips - IP Addresses in HTML spam
as Keywords
http://www.ISAserver.org
Using the IP's seems to be helpful dynamically - in my analysis I have
seen that while the keywords change, the IP's that are sending the spam
do not. Often times I have seen new spam showup in the catch-box that I
have not seen before, and the IP keywords are what is pulling it in.
Your list looks GREAT, funny thing is I recognize a lot of them from
keying them into our ISA server myself! Is there an easy way to import
or pull your list into ISA, or would they need to be keyed in manually?
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, December 11, 2002 10:20 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Spam Screening Tips - IP Addresses in HTML spam
as Keywords
http://www.ISAserver.org
Hi Edward,
I don't use domains or addresses, but I make liberal use of keywords. If
you check out ftp.tacteam.net/isaserver you'll find a file called
something like spam.tx_ that contains my extensive list of spammer
keywords. I add to it everyday and its becomes sort of a hobby. Of
course, you should check the list against the type of business you're
in. If you're in the financial services business, then there are some
keywords you would want to remove from the list. If you're in the red
light district trade, then there are a lot of the key words you would
want to remove :-)
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
http://tinyurl.com/1jq1
http://tinyurl.com/1llp
-----Original Message-----
From: Edward Sullivan [mailto:esullivan@xxxxxxx]
Sent: Wednesday, December 11, 2002 9:58 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Spam Screening Tips - IP Addresses in HTML spam as
Keywords
http://www.ISAserver.org
I use IP addresses in spam that link back to the remote images, remove
me links, etc for the creation of keywords for the SMTP Filter. For
example, a piece of spam comes in from domain.com, and an image in the
HTML (or the remove me link) links back to
http://192.168.xxx.xxx/etc/example.
Using this information, I add domain.com to the blocked domain lists,
and "//192.168" in the keyword list. You would be surprised how much
spam we catch using this method!
Are there any other tips or tricks anyone has to share on how to
maximize the ISA SMTP Filter to stop spam?
Ed Sullivan
Director of Information Services
esullivan@xxxxxxx <mailto:esullivan@xxxxxxx>
KMA Direct Communications
Confidential and Proprietary
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
esullivan@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
