Speakup with Sundial Systems (Topic: Junk Spy) from 02/07/00Longstaff i have no idea where i was last night :)Sector Should have seen it when you logged inSwanee Longstaff: Hmmm... what does that tell me Charles? :-)Abraxas Hi, rollin nad randellAbraxas and, evenLongstaff it's in the titlebar of this fabulous new gadget....only i'm not used to looking below the top titlebar * Abraxas can't type too well, tonight :-) *Longstaff hiya danAbraxas Hi, LongstaffLongstaff hiya os2-007Rael 007!os2-007 hi Longstaff and Rael ;)Abraxas MODE +o randellAbraxas MODE +o rollin * WarpHoss is glad to see everyone. *Swanee Big news today... IBM is going to refresh OS/2Abraxas Welcome, everyone, to the VOICE ChannelLongstaff Swanee: - i told ya they wouldSwanee Longstaff: Hey, "I knew it all along" :-)Swanee heheAbraxas I'd like to welcome our guests for this eveing, Randell Flint and Rollin White, from Sundial Systems * Longstaff still doesn't multiple boot *Longstaff and Swanee - i'm on the record from last yearAbraxas I've been informed that tonight's discussion will center around the recently released Junk Spy utility.DSOMber1 Hello all.Sector Hi JohnAbraxas randell, rollin ... it's all yours :-)Sector Hello warpitrollin Thank you!Sector Hello there DSOMber1warpit hirollin First, let me start with a quick description of Junk Spy.John hellorollin Junk Spy solves the problem of Spam.rollin It works between your email program and mail server to detect and flag junk email. You then use your email program's filter capability to deleterollin the mail, move it to a folder, forward it to your favorite enemy, whatever.rollin Junk Spy works with any POP3 mail client and has been tested and verified with all of the popular OS/2 mail programs.John I think I got at least 10 "Want to make real money?" Spam in the last 2 days.madodel0 billgates@microsoft.comRael Heh. ;-) The key to Junk Spy over traditional email filter approachs isrollin that Sundial has spent lots of time doing the research on all of the junk mail, not just the junk mail you've received. This research is ongoing and helps us update the Junkrollin detection database. Infact the first update is due out next week. These updates and Sundial's effort help make Junk Spy therollin hands off solution to Junk Email. No longer do you have to waste time deleting junk email or trying to improve your own filters. Sundial and Junk spy do it for you.John so it works like a "virus detector?" You're always updating it?rollin Exactly.rollin The updates are automatic too.John sounds good.Rael Does it sit between the POP server and the mailer? When we create the update it is automatically sent to you androllin Junk spy will intercept it and updates it's database without your intervention.rollin Rael, yes exactly.madodel0 Can the user update the detection database themselves? We have provided an update center on our web site so that ifrollin you've missed an update or have reinstalled, you can re-request the updates.rollin You'll see a history of what updates were created and when they were sent as well as any other account activity.randell madodel0, did you mean "changes" (as opposed to getting the updates manually which is what Rollin answered)?rollin Sorry, yes you can make changes to the database yourself.madodel0 randell: Yes, personal changes, rather then official onesrollin Also, there is a global exception list which is the most common update to the database.randell And, any changes you make to the database are *preserved* when *our* automatic updates are applied! The changes you make are preserved in the automatic updaterollin process as well. If JS detects you've made changes to a detector, it will not overwrite those changes.randell It's really rather a keen database/detection update scheme we've come up with.randell It's all totally automatic, yet still under your control if you want it to be. We also use a few other technologies other than our detectionrollin database. We use MAPS's Realtime Black hole list and Real time spam stopper list to add additional filter accuaracyLongstaff query method, or, uhh maybe filter methodrandell Longstaff, I didn't quite understand your comment.Longstaff i was just curious about the techniquerandell It's rather involved (and we consider some of it a proprietary secret)...Rael Take us through a sample spam...what happens when Junk Spy sees it? How does it know its a spam? Keywords?randell but it's based on us knowing internally what "came from the factory' vs what you've added or changed.rollin Rael, As Junk Spy is downloading the message it examines it based on the detection database.rollin In simple terms, yes keywords, but it's a little more specific than that.Longstaff it must be pretty hot :)rollin Then, if nothing is matched, it checks RBL and RSS.rollin If either of those match Junk Spy adds several lines to the header of the message. They indicate that it's considered junk, and why. Then therollin message is either destroyed, or sent on to the email program depending on user settings.randell It's also important to know that our detectors can scan for both "inclusions" and "exclustions"...John What happens if the sender requests a receipt? That function is not touched by Junk Spy. IF your emailrollin program supports receipts, then it should still generate the receipt.randell and that's a part of the key to help *reliably* distinguish junk from non-junk.rollin Junk Spy logs all of it's activity so you can review what it's done. We've also found that most people's TCP/IP configuration is arollin little screwy, so we've provided a TCP/IP wizard to help configure TCP/IP so that Junk Spy can operate.Abraxas Speaking of the TCP/IP Wizard Sounds great! Gwen just got 2 copies of "nude celebreties CD"John Spam - I got one. We weren't interested. I'll buy it. Thanks, Sundial.Abraxas Mine doesn't seem to work correctly (machine name is localhost)rollin What doesn't work properly about it?Abraxas JS throws a pop-up error message that says it couldn't find the machine localhost, but it works, anywayrollin Hmm, strange. I'll send you an email so we can debug the problem.Abraxas OK Junk Spy also does several things on-the-fly to try to correctrollin common TCP/IP problems. For example, it will create the loopback interface automatically if it does not exist.John Bye - gotta go.Abraxas It's currently monitoring 4 e-mail accounts .. and doing a fine job of it ... but that TCP/IP error is "weird"Sector Bye Johnwarpit rollin/randel does JS work plain old netscape 4.04????rollin Yes, it works with 2.02, 4.04, and 4.61. It works best with 4.61 because it has filters.warpit how do you normally rev it up???rollin Normally, you just start Junk spy and let it run. It's mostly driven by your email program sending it commands. Abraxas, one of the questions we get asked alot is if Junk Spyrandell support multiple email accounts (which is does). Since you're using it that way maybe you could comment? It's amazing how the junk mail problem has grown. We haverollin several test accounts we've created. For one we posted one newsgroup message. For another we put it on one web page. They've both received 100's of messages.Abraxas randell I had a bit of difficulty figuring that one out .. until I reaf the entire online help file :-)rollin What would have made it more obvious? warpit, once Junk Spy is started, your email program sees itrandell as if it is your mail server; your mail server sees it as if it is your email program; it just sits in between and does it's jobAbraxas Basically, you set the e-mail program to look for e-mail onAbraxas Then you change your username to reflect the path to your mailserverSector Use JunkSpy as your POP3 server, configure JunkSpy as you would your email program (say mail.anywhere.net)warpit randell so it does not matter which program is started first????Abraxas Where my username would normally be dcasey, i changed that to dcasey3@bchgrv1.in.home.comAbraxas dcasey3, that isrollin warpit, Junk Spy has to be running before you can check for mail, but otherwise, no. Setup each account, using the machine name for the server, andAbraxas add the real server to your userid, and JS works on all of themwarpit randell does it work with injoy and dsl/cable modems????Abraxas warpit I'm using it with Injopy Firewall and a Cable Modem It does. It really doesn't know the difference other than arollin cable modem environment might have a little more complex existing TCP/ * Abraxas still can't type :-) * Abraxas, and the key thing is that once you've done that...randell that's all there is to it correct? Junk Spy will mange the multiple connections from your email program without you having to do anything more.rollin IP setup.Abraxas randell yep ... it's all "seamless" after that I never know wheteher or not I have a particular account setupAbraxas with JS .. until I look at the messages moved to my TRASH folder, and see the additional lines in the headerrandell So, if you want, it can be "set it and forget it"... Our primary goal is no false junk messages. We're doing prettyrollin good, but through user feedback that's part of what we change in a given update.Abraxas I've filtered 1331 messages with the GA version ... was over 5000 withthe betas we encourage users to send junk messages that slipped throughrollin to junk@sundialsystems.com and false positives to nojunk@sundialsystems.com.rollin Abraxas wow! That's a high ratio! And, actually, the biggest job we had in developing therandell product was determineing the best rules for what is *not* junk!Rael If there is something that JunkSpy trashes that we want, is there a way to stop it from trashing? I did have one problem when I was using the Injoy DialerAbraxas ......DOD uses an IP address that, in theory, should never be seen, and never be routedrandell Rael, absolutely!rollin We have 1000's of junk messages and 100,000 + non junk messages that are used in testing.rollin Rael, yes just add a keyword or name to the global exception list. But we want to see it too! Occasionally, something would slip through the cracks, andAbraxas this IP address (I think it was 1.2.1.2) would get into the header of an e-mail message.Abraxas RBL Server would catch it, and tag it as junkAbraxas rollin ... that's the total number of messages .... not the Junk Several times in testing people would say, it marked something it shouldn't but I couldn't expect it to know the difference.rollin It turns out one filter was causing problems for most of those people. When I got them to give us details, it was easy to fix.randell Rael, one other key thing that may not be clear...randell While you *can* have Junk Spy actually trash messages as it finds them...Abraxas Out of the 1331, 77 have been detected as Junkrollin Abraxas, that's more reasonable :)randell The recommened method is to have it "tag" the message an junk...randell And then you use a very simple filter in your email program to "route" the tagged messages into a folder.Rael Ah. :-) That makes it simpler.warpit how big is this *database* and programs in meg????randell Then, you can review the tagged messages at your leisure to make sure there wasn't something you really wanted.rollin The whole thing is less than 5 megs, closer to three. randell That's exactly what I do with PMMail ... as PMMail hasAbraxas a tendency to pass an empty message anyway, If I choose to have JS delete the messagerollin Yes, PMM isn't happy with the delete option of Junk Spy but it works well with the tag option.randell And much of that is documentation. If you download it, the image is under 1 meg as I recall.rollin Yes, officialy it takes 1.4 m to install, and about half is docs.warpit is there any screen response that shows that its working????rollin Yes, there is a small window and status icon to show what stage of processing it is in.Abraxas VERY smallAbraxas :-)warpit neat!!!!!randell And most of the database updates we automatically send you are "deltas" so they aren't all that large either.rollin It's meant to not be intrusive.rollin Randell, no but the database will grow over time. Even if it doubles, that's only about 600k.rollin IT doesn't significantly add to the message download time either.mandie g'evening :)Sector Hi mandierollin Right on time!warpit what if i use more than one isp????? do i need different tcp/ip configs?????Abraxas Hello, JudySector How's the birthday party
