Security Basics mailing list archives

Re: Where to get spam?

From: secbasics () dusty ece cmu edu
Date: Mon, 19 Feb 2007 18:36:47 -0500

On Mon, Feb 19, 2007 at 11:27:07AM -0500, Mark Teicher wrote:

This is a very interesting question.  Why do you need spam from 2006/2007


Because that's the only time period for which I have the other portscan and attack traffic which I intend to correlate 
against.

, SPAM TTL is <24
I don't know what you mean there.

, most SPAM engines will not detect SPAM > 30 days old.  I have researched this problem for over a long period of time, 
most anti-spam products out there will have issues detecting any type of spam over 2 weeks old, since keeping 
signature/heuristic bases that huge will slow down the performance of the product, which is an interesting question in 
of itself.  Why.. 

I'm basically not looking to classify spam myself, I am looking for "known spam" (where I hope other people's filters 
are accurate, but it shouldn't make too 
much of a difference if they're not since the misclassifed mail will look like a dedicated spammer rather than a bot, 
and will be excluded anyway)



You are better off working with a university or local school that retains their mail for some period of time


Yeah, therin lies the problem...CMU just nukes anything that gets classified as spam at the highest level, and I can't 
get access to stuff anyway because 
they're worried about sending me some false positive which is actually a real person's real mail.

Thanks

Aaron


Mark 

At 04:16 PM 2/17/2007, secbasics () dusty ece cmu edu wrote:
That was almost perfect. Unfortunately since I am correlating spam data against other traffic types, I need the spam 
to be from 2006/2007, and the most recent 
one there is 2005.

Thanks anyway though.

Aaron

On Sat, Feb 17, 2007 at 01:23:39PM +1100, David West wrote:

Try the SpamAssassin public mail corpus..
http://spamassassin.apache.org/publiccorpus/

David West

On 2/16/07, secbasics () dusty ece cmu edu <secbasics () dusty ece cmu edu> wrote:

Does anyone know organizations which give away spam captures? I mean, 
obviously I will get lots of spam just from posting on this list (;)) but 
I would like to
get more to analyze. It seems like every couple months some student does a 
project which requires spam but they always have to start from ground 
zero. Isn't
there anywhere which gives spam to security researchers?

Thanks

Aaron

Current thread:

Where to get spam? secbasics (Feb 16)
- Re: Where to get spam? Kelly Martin (Feb 16)
- Re: Where to get spam? Richard Cox (Feb 19)
  - Re: Where to get spam? secbasics (Feb 20)
- Re: Where to get spam? David West (Feb 19)
  - Re: Where to get spam? secbasics (Feb 19)
    - Re: Where to get spam? Jeffrey Rivero (Feb 19)
    - Re: Where to get spam? peter e higgins (Feb 20)
- <Possible follow-ups>
- Re: Where to get spam? Mark Teicher (Feb 19)
  - Re: Where to get spam? secbasics (Feb 20)
  - Re: Where to get spam? Micheal Espinola Jr (Feb 20)
    - RE: Where to get spam? Weir, Jason (Feb 20)