Drew Community  

Go Back   Drew Community > General Forums > Technology Discussion
uLogin ID  
Password
FAQ Members List Calendar Search Today's Posts Mark Forums Read


Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 08-16-2008, 09:11 AM
Daniel M. Lawson
 
Posts: n/a
Default Spam Quarantine question

I was using Lexis Nexis through the Drew library web site and had it e-mail me citations for the articles I found. I was surprised to find that the spam quarantine had caught the articles I sent myself. In my naiveté, I thought that I was sending a message from the library to my own mail account, and thus the spam filter wouldn't come into play. Thinking back on it, I realized that the e-mail was generated by Lexis Nexis and not the library, and thus it was an external message, but then I started wondering how an e-mail message full of citations to newspaper articles would "look like" spam to the filter.

Out of curiosity, do any Drew internet users out there get spam that looks like citations to newspaper articles?
Reply With Quote
  #2  
Old 08-18-2008, 10:15 AM
Scott Wood's Avatar
Scott Wood Scott Wood is offline
Moderator
 
Join Date: Jun 2005
Location: Morristown, NJ
Posts: 42
Default

If you view the headers of the email message (click on Message Source tab if you are using the GroupWise client), you can see headers added by the Barracuda that provide more information about why the message was quarantined.

I don't know if this messages with newspaper article citations are quarantined with any frequency; if others are experiencing this problem, let us know. Generally speaking, the Barracuda is pretty conservative and doesn't produce many false positives.

You'll probably want to add the host that nexis-lexis email originate at to your whitelist so this doesn't happen again.
Reply With Quote
  #3  
Old 08-18-2008, 12:45 PM
Daniel M. Lawson
 
Posts: n/a
Default

Quote:
Originally Posted by Scott Wood
If you view the headers of the email message (click on Message Source tab if you are using the GroupWise client), you can see headers added by the Barracuda that provide more information about why the message was quarantined.

I don't know if this messages with newspaper article citations are quarantined with any frequency; if others are experiencing this problem, let us know. Generally speaking, the Barracuda is pretty conservative and doesn't produce many false positives.

You'll probably want to add the host that nexis-lexis email originate at to your whitelist so this doesn't happen again.

I did, thanks. I was just curious if others had this problem, because I have found that in general Barracuda tends to be conservative, and find very few false positives in my spam box.
Reply With Quote
  #4  
Old 08-18-2008, 01:36 PM
John D. Muccigrosso John D. Muccigrosso is offline
Junior Drewid
 
Join Date: Jun 2005
Posts: 112
Default

Quote:
Originally Posted by Scott Wood
If you view the headers of the email message (click on Message Source tab if you are using the GroupWise client), you can see headers added by the Barracuda that provide more information about why the message was quarantined.

I don't know if this messages with newspaper article citations are quarantined with any frequency; if others are experiencing this problem, let us know. Generally speaking, the Barracuda is pretty conservative and doesn't produce many false positives.

You'll probably want to add the host that nexis-lexis email originate at to your whitelist so this doesn't happen again.
Here's a fun header line:

Quote:
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.1.3016 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 2.46 FUZZY_PRICES BODY: Attempt to obfuscate words in spam
What does that mean? Are there too many long words in the message? (not joking)
Reply With Quote
  #5  
Old 08-18-2008, 04:05 PM
Scott Wood's Avatar
Scott Wood Scott Wood is offline
Moderator
 
Join Date: Jun 2005
Location: Morristown, NJ
Posts: 42
Default

Some of the rule descriptions are more obvious than others; looking at them may provide some clue as to why a message was quarantined. Here is a relatively up to date list of SpamAssassin tests: http://www.futurequest.net/docs/SA/

The 'fuzzy' tests seem to be looking for various misspelled words relating to various categories of spam messages.
Reply With Quote
  #6  
Old 08-19-2008, 09:59 AM
John D. Muccigrosso John D. Muccigrosso is offline
Junior Drewid
 
Join Date: Jun 2005
Posts: 112
Default

Quote:
Originally Posted by Scott Wood
Some of the rule descriptions are more obvious than others; looking at them may provide some clue as to why a message was quarantined. Here is a relatively up to date list of SpamAssassin tests: http://www.futurequest.net/docs/SA/

The 'fuzzy' tests seem to be looking for various misspelled words relating to various categories of spam messages.
This was a scholarly review of a book. There were no misspelled words.

Anyway, I added the sender to my whitelist, so it shouldn't happen again.
Reply With Quote
  #7  
Old 08-19-2008, 10:28 AM
Mike Richichi's Avatar
Mike Richichi Mike Richichi is offline
Moderator
 
Join Date: Jun 2005
Location: Chatham, NJ
Posts: 220
Default

Quote:
Originally Posted by John D. Muccigrosso
This was a scholarly review of a book. There were no misspelled words.

Anyway, I added the sender to my whitelist, so it shouldn't happen again.

More precisely, the match that got it classified as spam was FUZZY_PRICES, so there were words in the message that looked close enough to "prices" to get the spam filter to think someone was misspelling "prices" to evade detection. I could see the word "precis" being used in a book review, for instance.
__________________
--Mike Richichi
Director of Computing and Network Services
http://depts.drew.edu/cns/
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 12:14 PM.


Powered by vBulletin® Version 3.5.7
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.

Drew University is not responsible for the content of posts made on this site. All posts and comments reflect the opinion of the author.