RE: [Declude.JunkMail] How good does it get?

2003-11-20 Thread IS - Systems Eng. (Karl Drugge)
I don't care how much you monitor, you are NOT going to get a 100%
capture rate with no false positives. If there was a way to do that,
Scott would be a millionaire by now, and have twenty or thirty death
threats from spammers. You can get close, like maybe a 90% or 95% if
you're super particular, but that is really pushing it.

Unfortunately, there isn't a perfect template you can use. The default
will get you close, but then you have to tune. It's different for each
site and situation. It took me about 3 or 4 months to get it pretty
close with daily checks. Now I check once a week and make a few tweaks.
I get about a 90%-95% capture rate with very few false positives.

My technique is to delete everything outrageously bad (40+ on my scale
with my custom weights). If it's over 40 it is seriously warped. If it's
over 20 but below 40, I route it to a holding bin where I can personally
check it out. Under 20 is good enough to slip through, and a few do now
and then, but my users will forward it to me so I can tune Declude a bit
more. Obviously, if you're getting over half a million messages a month,
this won't work for you. I only get about 18k or so, with maybe 10-20
needing personal attention per day. 

Personally, I'd rather a few got through, rather than having it delete
some of the real stuff, but you can make your own calls.


Karl Drugge
 
 
 
 
 
 

-Original Message-
From: T. Bradley Dean [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 20, 2003 4:07 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] How good does it get?

I just installed the demo (Tuesday I believe) and I have it set to warn
only. My plan is to move everything with a weight of 20 or above to a
'spam' folder in each user's webmail. I may be able to do 15, so far the
highest legitimate mail we've seen was 14.

Looking at what's coming in, I'm getting about 80% of all spam. Another
user I have watching the headers (Outlook rule) is getting about 40%.

I'm going to go through the manual and see how smoothly I can get this
running, but of course management wants 100% of spam captured with no
legitimate mail blocked. How close can I expect to get? What levels of
spam are you guys capturing and what levels of legitimate mail is being
blocked?

Any tips on what default settings I should mess with first? Any good
threads in the archives that I should read through?

Thanks in advance,

~Brad 

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] How good does it get?

2003-11-20 Thread Glenn \\ WCNet



Running JunkMail since May 2002. I've done a bit of tuning on test weights,
am using Sniffer and several filters, contra-filter, and blacklist of my own
based on false-positives that I find on my own accounts, but I haven't done
near the amount of tuning that some have done. I delete on weight 20. I
can't actively track misses and false-positives for all users because of the
sheer volume, over 1.5 million messages pass through here each week. My
.dec logs (on level high) are generally 1 GB in size per day. Running
DLAnalyzer reports that average 89% of total mail volume is deleted per day,
with about 1.5% delivered tagged as "possible spam" (weight 14 to 19). I have
had a couple complaints in recent weeks of users not getting newsletters and
other "fringe" material. In those cases I do a temporary whitelisting on
their account then do a contra-filter to reduce the weight on the msgs in
question.

It's a sad situation, really. If I didn't have some way to get rid of the
spam, it would sap up huge amounts of drive space and many users would
simply give up on the battle and abandon their mail accounts.

Glenn Z.




RE: [Declude.JunkMail] How good does it get?

2003-11-20 Thread Kami Razvan



Glenn:

What we do is simply a negative weight for newsletters. We review the
weights of 20-60 and delete on 60.

Newsletters typically fall between 20-40 range and if we find them we simply
add them to our negative email list or for the legitimate ones like Cato or
other organizations we simply whitelist their REVDNS.

Regards,
Kami
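
As an added illustration (not part of any poster's message and not Declude configuration), the three threshold schemes described in the replies above can be compared on a small labelled sample. The sample weights and the -25 newsletter weight are constructed assumptions.

```python
from collections import Counter
from typing import NamedTuple

class Policy(NamedTuple):
    name: str
    flag_at: int    # weight at which mail is held, tagged or reviewed
    delete_at: int  # weight at which mail is deleted outright

# Thresholds as stated in the thread's replies.
POLICIES = [
    Policy("hold 20-39, delete 40+", 20, 40),
    Policy("tag 14-19, delete 20+", 14, 20),
    Policy("review 20-59, delete 60+", 20, 60),
]

# Constructed sample, not real mail: (weight, is_spam, is_newsletter).
SAMPLE = (
    [(w, False, False) for w in (0, 3, 7, 11, 14)]
    + [(w, False, True) for w in (22, 31, 38)]
    + [(w, True, False) for w in (9, 16, 18, 24, 29, 36, 41, 47, 55, 62, 71, 88)]
)

def evaluate(policy, sample, newsletter_weight=0):
    """Count outcomes per class; newsletter_weight is added to known newsletters."""
    stats = Counter()
    for weight, is_spam, is_newsletter in sample:
        if is_newsletter:
            weight += newsletter_weight
        if weight >= policy.delete_at:
            action = "deleted"
        elif weight >= policy.flag_at:
            action = "flagged"
        else:
            action = "delivered"
        stats[("spam_" if is_spam else "ham_") + action] += 1
    return stats

def capture_rate(stats):
    """Fraction of spam that was deleted or flagged rather than delivered clean."""
    caught = stats["spam_deleted"] + stats["spam_flagged"]
    return caught / (caught + stats["spam_delivered"])

if __name__ == "__main__":
    for p in POLICIES:
        s = evaluate(p, SAMPLE)
        print(f"{p.name:26} capture={capture_rate(s):.0%} "
              f"legit deleted={s['ham_deleted']} flagged for review="
              f"{s['spam_flagged'] + s['ham_flagged']}")
    fixed = evaluate(POLICIES[1], SAMPLE, newsletter_weight=-25)  # -25 is an assumed value
    print("delete-at-20 with newsletter weight -25: legit deleted =", fixed["ham_deleted"])
```

On this sample the delete-at-20 scheme catches the most spam but is the only one that deletes legitimate newsletters until the negative weight is applied; the wider review bands trade that loss for a larger manual queue.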




RE: [Declude.JunkMail] How good does it get?

2003-11-20 Thread T. Bradley Dean
Thanks guys, that all helps. I took the plunge and changed the settings from
'test mode' to 'effect everybody' mode! Now hopefully management will like
it enough to buy it after 30 days. Maybe after 25 days I'll turn it off just
to remind 'em...

~Brad 



Re: [Declude.JunkMail] How good does it get?

2003-11-20 Thread Matthew Bramble
The product is only as good as the administrator :)

Actually, that really is mostly true.

With a single domain, if you get the Pro version and install some custom 
filters, I see no reason why you can't get well above 99% blocking with 
less than a 0.1% false positive rate.  That would likely take several 
months and quite a bit of eagerness though.  There is still very good 
value to 95% blocking though and much less work required.  Just give 
yourself some time to learn how it works one piece at a time.

Good luck,

Matt


