Mailing List Archive

RE: Re[2]: [SAtalk] Re: Bigevil and thoughts....
I've also contacted the hound dogs over at the SPAM-L list on this. THey
agree that playaudiomessages.com is on the evil side. I did some Deeeeep
digging on them. It got uglier the harder I looked. Last report was Jan 30th
to news.admin.net-abuse.sightings so they keep using it for spam.

I'll remove any FPs reported by RM. ;)

--Chris

> -----Original Message-----
> From: Robert Menschel [mailto:Robert@Menschel.net]
> Sent: Saturday, January 31, 2004 3:14 AM
> To: Jennifer Wheeler
> Cc: 'Scott A Crosby'; 'Chris Santerre'; 'Spamassassin-Talk (E-mail)'
> Subject: Re[2]: [SAtalk] Re: Bigevil and thoughts....
>
>
> Hello Jennifer,
>
> Friday, January 30, 2004, 2:11:06 PM, you wrote:
> CS>>> I received a report of an FP in bigevil. The domain was
> CS>>> playaudiomessage.com. ...
> >>
> SC>> I think this is a mistake. Before, BigEvil had the high
> road, not a
> SC>> single domain in it had *ever* been reported as used in ham,
> SC>> warranting a high score. With this change, thats no
> longer true. ...
>
> SC>> I'm not saying that the domain should be forgotten, but that iit
> SC>> should at least be in a different list.
>
> JW> ... So I got lazy and now just download his work and use that. I
> JW> yank out the ones that I don't agree with. (few) ...
>
> I like BigEvil as an "absolutely no FP" file, but I don't
> trust ANYTHING
> that claims to be an "absolutely no FP" file.
>
> Before I install ANY file from anyone else, I run a masscheck
> on it, to
> see what it hits in my corpus. Results from BigEvil on Jan 12:
>
>
> OVERALL SPAM HAM S/O SCORE NAME
> 92212 74874 17338 0.812 0.00 0.00 (all messages)
> 1985 1985 0 1.000 1.00 3.00 BigEvilList_66
> 1456 1456 0 1.000 1.00 3.00 BigEvilList_186
> ...
> 323 322 1 0.987 0.96 3.00 BigEvilList_141
> 298 297 1 0.986 0.95 3.00 BigEvilList_9
> ...
>
> The ham it hit matched on:
> # BigEvilList_141="r.4at1.com" BigEvilList_9="4at2.com"
>
> So before I took in that version of BigEvil, I modified those
> two rules,
> removing those specific domains.
>
> Likewise, William Stearns maintains a marvelous blacklist,
> contributed to
> by quite a few people. I pick up an updated copy once a
> month. Before I
> install that copy, though, I remove several blacklists that
> flag definite
> spam on other systems, but which match ham on mine.
>
> The strength of SA is that it can be configured and tuned for each and
> every system, and often for each and every user. The weakness
> is that if
> you accept someone else's tuning blindly, that tuning may not
> be suitable
> for your system and your user.
>
> Your idea of having a second list, a SomewhatEvil.cf, is a
> good one. How
> do you recommend that second list be maintained and validated
> and scored,
> and who do you volunteer to do that work?
>
> Bob Menschel
>
>
>