[Declude.JunkMail] Question for Matt... COMBO-DUL test

2004-05-18 Thread Scott Fisher
I tripped across an e-mail from February where you put together a combo test for the 
DULs. Of course, I can't find that message again.

I am considering one for PROXY-COMBO with a maxweight so I can avoid piling on too 
many points from multiple databases, yet I can still score the -DYNA and -ALL for 
small scores that may be false positives.

Can you expound on your COMBO-DUL test again?

Scott Fisher
Director of IT
Farm Progress Companies

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Question for Matt... COMBO-DUL test

2004-05-18 Thread Matt
Scott,
The idea behind DUL-COMBO is that a dynamic/residential IP is a 
dynamic/residential IP, so it doesn't make sense to variably score the 
IP based on how many DUL tests it hits.  What I did was test something 
like 9 different DUL tests and I excluded the ones that had false 
positives, primarily for listing business DSL space.  I was left with 4 
DUL lists that never false positive according to the IP (as far as I can 
tell), but of course sometimes people do set up servers on DUL space and 
they get caught with this test.  I score the tests with zero points in 
Global.cfg, but then use a custom filter that will give any and all DUL 
hits a total score of 8 on my system (mostly hold on 13, sometimes 10).  
This has worked beautifully.

If you wanted to do a PROXY-COMBO test, I'm afraid that this might not 
be nearly as effective/useful.  Take note that I weeded out DUL lists 
that had any wrong space listed in them, but with open relay lists, 
there are false positives everywhere, primarily because the zone 
administrators don't properly retest, expire, or take any action 
whatsoever to remove old nominations.  ORDB is the best known open relay 
list, and their delisting process is ridiculously convoluted, and even 
impossible for some depending on their mail server.

In a sense, you benefit from multiple hits on open relay-type tests, 
because the more lists that an IP appears in, the more likely that it is 
an active open relay, but if you combo-ed it, you would be making the 
test only as reliable as the most out of date test, and that would 
change from IP to IP.

While I would discourage this, I would encourage combo-ing the FIVETEN 
open relay tests because they will often hit in doubles or triples, and 
they will false positive under those circumstances as well (it's a very 
poor design on their part).

If you are looking for opportunity, look for killer patterns such as the 
combination of an open relay with a hit on SpamCop, or an XBL hit plus 
SpamCop, and there are dozens of killer combinations that have an 
extremely minute chance of throwing a false positive.

Matt

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
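
The scoring behaviour described in the reply above, as an added example that is not part of the original thread and is not Declude filter syntax: a DUL combo scores a flat total however many member lists hit, open relay lists stay additive, and "killer" pairs add a bonus. All test names and weights are constructed, except the DUL total of 8 and the hold weight of 13 taken from the reply; the bonus for killer pairs is an assumption about how one might weight them.

```python
from dataclasses import dataclass

# All test names and weights are constructed, except the flat DUL total of 8
# and the hold weight of 13, which come from the reply above.
ADDITIVE = {"RELAY-A": 4, "RELAY-B": 4, "SPAMCOP": 6, "XBL": 6}
HOLD_AT = 13

@dataclass(frozen=True)
class Combo:
    name: str
    groups: tuple   # tuple of frozensets; each needs at least one hit
    weight: int     # flat weight, added once however many members hit

# The member DUL tests carry zero weight on their own; only the combo scores.
DUL_COMBO = Combo("DUL-COMBO", (frozenset({"DUL-A", "DUL-B", "DUL-C", "DUL-D"}),), 8)
RELAYS = frozenset({"RELAY-A", "RELAY-B"})
# Hypothetical bonus for the "killer" pairs named in the reply.
KILLERS = (
    Combo("RELAY+SPAMCOP", (RELAYS, frozenset({"SPAMCOP"})), 5),
    Combo("XBL+SPAMCOP", (frozenset({"XBL"}), frozenset({"SPAMCOP"})), 5),
)

def score(hits):
    """Return (total, breakdown) for the set of test names an IP failed."""
    hits = set(hits)
    breakdown = {t: w for t, w in ADDITIVE.items() if t in hits}
    for combo in (DUL_COMBO,) + KILLERS:
        if all(hits & group for group in combo.groups):
            breakdown[combo.name] = combo.weight
    return sum(breakdown.values()), breakdown

def additive_dul(hits, per_list=4):
    """Per-list DUL scoring (constructed weight), the behaviour the combo replaces."""
    return per_list * len(set(hits) & DUL_COMBO.groups[0])

def held(hits):
    return score(hits)[0] >= HOLD_AT

if __name__ == "__main__":
    for sample in ({"DUL-A"}, {"DUL-A", "DUL-B", "DUL-C", "DUL-D"},
                   {"RELAY-A", "RELAY-B"}, {"RELAY-A", "SPAMCOP"}, {"DUL-B", "XBL"}):
        total, parts = score(sample)
        print(sorted(sample), total, parts, "HOLD" if held(sample) else "pass")
```

With these constructed weights, per-list DUL scoring would swing between 4 and 16 for the same kind of IP, while the combo holds it at 8 and leaves the hold decision to whatever else the message fails.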