On Sun, 2004-08-29 at 17:46, AccuSpam wrote:
> Will the PRA enable me to say this is a forgery?
> Because this spam will very likely get through most per-user Bayesian (unless
> names such as "Olusegun Obasanjo" are used on future spam runs), and there
> isn't a url in the e-mail to correlate.

You might be surprised at how often that name comes up in spam:
http://groups.google.com/groups?q=Olusegun+Obasanjo+net-abuse

> Doing domain reputation of "sina.com" (or change it to "hotmail.com"
> hypothetically) could cause many false positives, and this would apply even
> if Return-Path == From.
> The only way I see to possibly catch a spam like this without causing false
> positives is to use a much higher degree of cross-correlation (I will not
> elaborate).

Regular Bayesian filters such as the one built in to mozilla-mail are
very good at detecting Nigerian 419 scams like this one. Please choose a
better example to illustrate your (valid) points.
Nigerian 419 scammers make extensive use of freemail accounts; most of
them aren't actually forgeries at all.
Paul.
--
Paul Howarth <paul(_at_)city-fan(_dot_)org>