End-of-year wrap-up

Well, here we are on New Year’s Eve.  I’d like to reflect a bit on this blog about the past year: I succeeded in my goal of learning Unix better.  This, as you may recall, was a New Year’s resolution.  While I hardly consider myself an expert at Unix, I have gotten pretty good with…

1

Response to Trust-based messages

In my other post in a Q&A excerpt with Dave Crocker by Investor’s Business Daily, I’d like to now respond to some of my selected quotes. Crocker: You have to create what I call a trust overlay to the existing e-mail system. Existing senders and receivers can continue to use e-mail as before… All we’re…

1

Some early stats on TMA

We finally got around to deploying all of our new features from our latest release.  As I explained a couple of months ago, I created a hybrid of SPF and SenderID in response to customer demand.  I called it TMA, or Terry’s Message Authentication.  It was an SPF check on the From or Sender header…

1

Spam’s new nemesis: Trust-based messages

The other day I was reading Investors Business Daily and came across an article whose title you see in the subject line of this blog post.  The article is a Q&A Dave Crocker of BrandenBurg InternetWorking.  If you’re like me and too lazy to click the link and read the article, allow me to post…

3

Classic Viagra spam

It’s been a while since I processed the spam abuse inbox, but I came across the following spam message today. Usee \/ i a g r /\ Proo and all wmoen wiill be yorus. Etxend the qualtiyof yoour sxeual perfromance with Ge |\| eerik \/ i a g r /\. This takes me back to…

0

If perception is everything, then Gmail needs better filtering

Every now and again, I get spam delivered to my inbox from one of the leading webmail services.  AFAIK, there are the big 4: Gmail, Yahoo, Hotmail and AOL. The thing is that to my work email account where I get some of my mail (ie, I eat our own dogfood), I rarely, if ever,…

5

Once again, I’m proven right about false positive lag time

I hate to brag (no, wait, I love to brag), but once again I have been proven right. One the problems with getting accurate statistics about false positives is that users quite regularly submit them late.  So, assume for the week of Dec 3 – Dec 10 we report that we had 100 false positives. …

2

A rarity – I’m proven wrong!

The other day, I posted that the Christmas season is upon us and that there has not been a major correlation between an expected rise in Christmas spam and the actual spam that we are seeing on our networks. However, I believe that I have now seen such evidence.  Last Friday, December 14, we experienced…

1

The 12 days of Christmas spam song

Kudos to Symantec for coming up with this 12 Days of Christmas Spam song.  Very clever. It’s going to be very tough to top this.

0

Numbers don’t lie, but they can confuse (part 3)

As I was saying in my previous post, one of the interesting relationships I have discovered is that the better our virus filters perform, the more spam our end-users see in their inbox (and the less total mail we see on our network). Another very interesting phenomenon affecting SITI is with regards to our bl[ao]cklists. …

1

Numbers don’t lie, but they can confuse (part 2)

As I was saying in my previous post, statistics, and correlation and scatter plots in particular, are excellent ways of verifying whether or not relationships within components of the spam filter are valid or if the theory is spurious. Now that I have a derived Spam-in-the-inbox value (SITI), I calculated the correlation coefficient between a…

4

Numbers don’t lie, but they can confuse (part 1)

One of things I do here at Microsoft is look at numbers.  I have a table of statistics that I look at, not every day, but certainly a few times per week.  It’s a table of the daily number of messages we block, how many are blocked by content filtering vs blacklists, how many messages…

1

Security risks in a powerful corporation

Last week, I was watching the season finale of the second season of Heroes.  It’s not technically the season finale, but with the Hollywood writer’s strike, they finished off the first part of the season until new episodes could be written. Anyhow, my memory seems to be bit fuzzy at the moment, but there was…

1

It’s December! Time for the spam season, right?

Ah, the holidays are upon us.  And, as we all know, ’tis the season for piles of spam! Or is it?  Last year, we saw a very large run up of spam heading into December, but in the month of December itself I saw nothing out of the ordinary.  Here is the breakdown for the…

5

Behind the scenes (part 2) – Now I know how Homer felt

Following on from my previous post about who shot Mr. Burns, don’t worry, I’m building to something.  Mr. Burns begins to do a lot of evil things, including blocking out the sun.  The Simpson family is in their house discussing this turn of events.  Lisa asks Homer how he can work for such an evil…

5