Not impressed with the new version.

[K1W1]

At this stage my opinion is that the Aus$11 I spent on the upgrade was a waste of money.
The older versions were very good at detecting and identifying spam and for that reason we have been using Mailwasher Pro for some 4 years or so. The new version just does not seem to work as well and appears to install by default with all the spam filtering turned off. I have no idea why that is but to me I'd suggest the opposite should be the case.
At this stage to say that I am unimpressed and under whelmed is an understatement it looks to me like the makers have taken a good functional program and turned it into a not so good visual marketing exercise. I would rather have a program that works instead of one that presents all sorts of info I don't need.

[rusticdog]

The old MailWasher you have would have a significant amount of training done which hasn't carried over to the new version as the core engines that drive this are very different. Once you've classified a number of emails, usually 100-200 you should find MailWasher picking up a lot more.

[mcullet]

At this stage my opinion is that the Aus$11 I spent on the upgrade was a waste of money.
The older versions were very good at detecting and identifying spam and for that reason we have been using Mailwasher Pro for some 4 years or so. The new version just does not seem to work as well and appears to install by default with all the spam filtering turned off. I have no idea why that is but to me I'd suggest the opposite should be the case.
At this stage to say that I am unimpressed and under whelmed is an understatement it looks to me like the makers have taken a good functional program and turned it into a not so good visual marketing exercise. I would rather have a program that works instead of one that presents all sorts of info I don't need.

Hi Kiwi - thanks for this feedback. (AUS $ - and in your an Aussie and your handle is Kiwi? That's too cool )

WARNING - GEEK SPEAK ALERT

I can see that you are unhappy with the new version but apart from a broad comment regarding 'info that you don't need', I'm no wiser about what it is that is about the new version that is giving you grief.

Your comment about spam filtering being installed off by default confused me. I installed the new product with the old one still in place, as per the recommendations. The installation process was more involved (IMHO) in the new product than the old version because there seemed to be lots of things that I could set, including things I really didn't understand initially. So I accepted the defaults and then spent some time playing with the program to learn how it worked, looked at the help system etc. I then tested it on one of my catcher accounts which is chock full of spam. Speed - excellent. Results (accurate identification of spam) ... not quite what I had in mind. (I've sent RD a PM about a somewhat related issue but he's been as busy as a one legged dog chasing a bunny on steroids. Without divulging too much about a PM (bad netiquette), I think I understood why some specific emails (from known criminals) came up as being OK. See below.)

Then I had to remind myself that I spent a fair bit of effort (initially) training the old program to recognise spam. Also, initially, I recall seeing similar results - maybe a bit better in the old version.

Here is an example of one email that I would have expected to have been detected as spam but scored 93 Bayesian and came up as OK:

Subject: Immediate Release of Your Compensation Payment
Attn,
 
This is to bring to your notice that approval have been granted by the United Nations to The IMF (International Monetary Fund) Nigeria Regional Payment Office to pay victims who have been scammed globally through the internet services part payment of $850,000.00 (Eight Hundred and fifty Thousand United States Dollars)for the fist quarter this fiscal year 2010.
 
According to the number of applicants at hand, 3682 Beneficiaries has been paid, 50% of the victims are from the United states, we still have more than 50% left to be paid their due compensation.
 
As of this date, we have been unsuccessful in our attempts to contact you regarding this development but my mail has always been returned undelivered, You are listed and approved for this payment as one of the beneficiaries to be paid, Get back to  me as soon as possible for detailed email and the immediate release of your compensation payment.
 
You are also advised to send your communication particulars which includes the following,
 
Full names
Residential Address details
Telephone Fax numbers
Age
Occupation
valid E-mail Address
 
You are also requested to stop any further communication with any other person(s) or office(s) to avoid any hitch in receiving your payment as Scheduled.
 
Yours faithfully,
 
Dr Solomon Williams
Head of Cards,
Central Bank of Nigeria (CBN)
Units 3 & 5,tinubu House.

Delivered-To: xxxxxxxxx
Received: by 10.231.162.67 with SMTP id u3cs192225ibx;
Mon, 23 Aug 2010 11:22:00 -0700 (PDT)
Received: by 10.150.31.15 with SMTP id e15mr5946504ybe.216.1282587720315;
Mon, 23 Aug 2010 11:22:00 -0700 (PDT)
Return-Path: <[email protected]>
Received: from n2.bullet.mail.cnh.yahoo.com (n2.bullet.mail.cnh.yahoo.com [203.209.250.220])
by mx.google.com with SMTP id u7si9247820yba.34.2010.08.23.11.21.58;
Mon, 23 Aug 2010 11:21:59 -0700 (PDT)
Received-SPF: neutral (google.com: 203.209.250.220 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=203.209.250.220;
Authentication-Results: mx.google.com; spf=neutral (google.com: 203.209.250.220 is neither permitted nor denied by best guess record for domain of [email protected]) smtp.mail=[email protected]; dkim=pass (test mode) [email protected]
Received: from [203.209.250.223] by n2.bullet.mail.cnh.yahoo.com with NNFMP; 23 Aug 2010 18:21:57 -0000
Received: from [203.209.250.218] by t2.bullet.mail.cnh.yahoo.com with NNFMP; 23 Aug 2010 18:21:57 -0000
Received: from [127.0.0.1] by omp103.mail.cnh.yahoo.com with NNFMP; 23 Aug 2010 18:21:57 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 17287 invoked by uid 60001); 23 Aug 2010 18:21:56 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.cn; s=s1024; t=1282587716; bh=iZPMXWAwJcRHywQWOHryk7/FuzwaeH0KtrRF+j0Tr+k=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=gpjuASUgN/5kmneb9kFsg/hHmtWoxisTPBBtozWBdjlu5y9cbbIEhglfzzuiImCt83G0G9bCvnDnZVmLbd3bsEuHBCOFNtQXyEDQv9StfWGER7VEjJ7SfpQZXHbwUUtQRY3gx1MnWXoNCFIfxXIi3Facrkc1vANUq5tA83uVzQ4=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.cn;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=S4BCb/sx6KPIV0c9pBOMgPhYhEgPD/7bmtSCLDOM+M9rT6pePVTGhfGzF+aD96WoHxwvWsLPoW5d3NX/XP+AISNsB0QUj9kMigzC7irkyggqMIb3HyZ0J2uG9p5quPM9iUdHQ+3d1G7+NXTqFkiY37DbCp7dbuNsGFg82f1XZXQ=;
Message-ID: <[email protected]>
X-YMail-OSG: 6iiYp_0VM1nUAUOVfjGLMcFOJnHkHCx3PGbjHOhr2XH5.QS
zFlHGW0.VTA0clI0JyxruCXCnHl1PDhjlJijdVQRCKwEh5L8SIb_6DLwaa1I
BYHuS2ehEmAzkTIizR06UtF7WlrPfPp1EBZFbiQmHun_WxtEhkgTHSmAr7UR
ywpMO3dGMD2GBO8trlRpfTD04_gzuEgXWeHLBnQ--
Received: from [41.184.2.65] by web92107.mail.cnh.yahoo.com via HTTP; Tue, 24 Aug 2010 02:21:56 CST
X-Mailer: YahooMailClassic/11.3.2 YahooMailWebService/0.8.105.279950
Date: Tue, 24 Aug 2010 02:21:56 +0800 (CST)
From: Dr Mansur Muhtar <[email protected]>
Subject: immediate release of your compensation payment.
To: [email protected]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-2084986359-1282587716=:15554"

--0-2084986359-1282587716=:15554
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Headers are not always a waste of time to check - especially this one. If anyone is interested in learning how to identify where an email came from then they need to copy the header and past it into an email trace site. There are many, not all are accurate. I use www.ip-adress.com - it's free so long as you sign up and accurate contingent upon certain things that I'd prefer not to discuss in detail here. Suffice to say that criminals use certain web-based email services because they know their real IP is not revealed by header analysis. Feel free to copy and paste the header info I gave into the site and it will show you lots of useful info, including a Google map, GPS coordinates of the lad's internet cafe where it came from and other details (listed below)

This email came from Lagos, Ladgeria (Nigeria):
IP: 41.184.2.65
ISP: IPNX Nigeria Ltd
Host of this IP: 41-184-2-65.rv.ipnxtelecoms.com

I'm using defaults too - just like you. The account is a Google one.

I realise that I need to train MWP (all versions) and accuracy improves quite quickly over time. However, IMHO, this email screams SCAM SPAM and I would have expected the new product to at least red flag it. Nope - it passed as green.

Without knowing (understanding) how MWP works, these things should have been sufficient of themselves to rate a red flag:

Location - Ladgeria (Nigeria)
Return path: [email protected] (china)
Subject: Immediate Release of Your Compensation Payment

This is to bring to your notice that approval have been granted by the United Nations to The IMF (International Monetary Fund) Nigeria Regional Payment Office to pay victims who have been scammed globally through the internet services part payment of $850,000.00 (Eight Hundred and fifty Thousand United States Dollars)for the fist quarter this fiscal year 2010.
.............
(Full names
Residential Address details
Telephone Fax numbers
Age
Occupation
valid E-mail Address

You are also requested to stop any further communication with any other person(s) or office(s) to avoid any hitch in receiving your payment as Scheduled.
 
Yours faithfully,
 
Dr Solomon Williams
Head of Cards,
Central Bank of Nigeria (CBN)
Units 3 & 5,tinubu House.
................

Now I KNOW this person is a criminal given my dark hobby - that's called human intelligence. I don't expect our brains to be replaced by a program anytime soon. Still, the items I highlighted (especially the Chinese yahoo account and words "Central bank of Nigeria") should pass a threshold of a red flag. But didn't. Criminals often ask for personal details (varies slightly) but most look pretty much as they do in this email.

I'm not at all competent at creating filters - way beyond my pay grade, but I'd imagine it would be not a great burden to create a filter on the words: Nigeria, Nigerian, Central Bank. We can apply an inbuilt language filter - but the email is written in English (poorly). I'm aware that there are plenty of excellent resources on this site about creating filters - so please don't mistake my concern about this email passing as "Good" based upon the existence or not of a filter.

My concern is that is a bog standard scam email from Nigeria. Scammers skills vary - some have an excellent command of English (highly ranked in criminal gangs) and others use of English is laughable - sometimes include local slang.
It takes time to perform IP checks so I won't fault MWP for not noting the emails origin. If it was possible, could MWP2010 perform an IP check on suspect emails (action by exception) and if so would this create an intolerable performance hit? Maybe to the first (also might add to costs if Firetrust has to pay fees for this) and probably to the second.

So, how come this obvious scam email was identified as good at all? Have I done something wrong or failed to do something I should have done?

Returning to my PM to RD, those email were from known criminals and all contained contents that related to criminal behaviour. The specific words in the emails contained one acronym that is almost universally used by crooks: MTCN which is a control code used by Western Union. (Sorry - I have to be vague.) The headers were not forged (so far as I could tell). Now I wanted these emails for my dark hobby. Aside from MTCN, nothing in the contents would have stood out dramatically when parsed by some process - except maybe their collapsed skill in English. I can't fault MWP for not picking these up - language analysis is highly complex - some posts on the forum appear to come from people who don't speak English as a first language, for example.

I apologise for being vague but I really do need to be careful here. I presented what I believe is an example of spam that almost anyone could identify - passed as good. And I broached upon examples where, although "I" knew the senders were criminals, aside from the acronym "MTCN", they were unremarkable and assessed as i would expect: good.

Would I be correct in saying that MWP2010 needs to be learn by example and if I took the time to correct it's 'mistakes', then accuracy increases fairly quickly? If so, then that's reasonable up to a point. Any process requiring human intervention is subject to human error - tiredness, click-happy etc. Some emails are so obviously spam (like my example) that at the very least, they should have been red flagged for the reasons I've given.

K1W1 - is this (my example) what you were referring to when you said you were underwhelmed and unimpressed?

Sorry for the lengthy post and geek-speak. It's important that we get feedback which contains examples etc so that we can know what it is that is the problem.

PS - I am tired and would very much appreciate a 'heads-up' if anyone identifies anything in this post that might disclose the email address I used. I've looked - can't see anything - can never be too careful though.

Cheers all.

[stan_qaz]

The source of spam tool does check IP addresses it is your choice which servers to load into MW. The different servers all flag based on IP but add the IPs to their lists based on different criteria so using more than one can be a good thing. Try this list for starters, Google should find others:

http://www.declude.com/Articles.asp?ID=97