mailing list archives
Re: Where to get spam?
From: secbasics () dusty ece cmu edu
Date: Mon, 19 Feb 2007 18:36:47 -0500
On Mon, Feb 19, 2007 at 11:27:07AM -0500, Mark Teicher wrote:
This is a very interesting question. Why do you need spam from 2006/2007
Because that's the only time period for which I have the other portscan and attack traffic which I intend to correlate
, SPAM TTL is <24
I don't know what you mean there.
, most SPAM engines will not detect SPAM > 30 days old. I have researched this problem for over a long period of time,
most anti-spam products out there will have issues detecting any type of spam over 2 weeks old, since keeping
signature/heuristic bases that huge will slow down the performance of the product, which is an interesting question in
of itself. Why..
I'm basically not looking to classify spam myself, I am looking for "known spam" (where I hope other people's filters
are accurate, but it shouldn't make too
much of a difference if they're not since the misclassifed mail will look like a dedicated spammer rather than a bot,
and will be excluded anyway)
You are better off working with a university or local school that retains their mail for some period of time
Yeah, therin lies the problem...CMU just nukes anything that gets classified as spam at the highest level, and I can't
get access to stuff anyway because
they're worried about sending me some false positive which is actually a real person's real mail.
At 04:16 PM 2/17/2007, secbasics () dusty ece cmu edu wrote:
That was almost perfect. Unfortunately since I am correlating spam data against other traffic types, I need the spam
to be from 2006/2007, and the most recent
one there is 2005.
Thanks anyway though.
On Sat, Feb 17, 2007 at 01:23:39PM +1100, David West wrote:
Try the SpamAssassin public mail corpus..
On 2/16/07, secbasics () dusty ece cmu edu <secbasics () dusty ece cmu edu> wrote:
Does anyone know organizations which give away spam captures? I mean,
obviously I will get lots of spam just from posting on this list (;)) but
I would like to
get more to analyze. It seems like every couple months some student does a
project which requires spam but they always have to start from ground
there anywhere which gives spam to security researchers?