I use around 80 tests on one system in order to watch them and how their
performance is going up and down. On other (high-traffic) servers I use only
the best one.
I can confirm what others have mentioned as reliable blacklists (except
fiveten for European systems: fiveten has an FP rate of around 10%, and it
seems that they are caused by IP addresses outside of America).

However, I give each IP4R test only a relatively small weight (between 1 and
10% of the hold weight). There is one combo test that has a list of the
most reliable IP blacklists. This combo test is nearly as effective as Sniffer,
but it definitely has more FPs.
The combination of IP4R tests is further used to combine them with other
reliable tests, and I also use them to add different weights for positive
IP4R results depending on the originating country.

Some weeks ago one of my servers was no longer able to reach the configured
DNS server (reconfigured firewall), and even though most spam was still caught,
there was a noticeable reduction in spam detection until I discovered the
problem.

Markus




> -----Original Message-----
> From: Message Sniffer Community 
> [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
> Sent: Tuesday, June 6, 2006 18:09
> To: Message Sniffer Community
> Subject: Re: [sniffer]A design question - how many DNS based tests?
> 
> I use just shy of 60 DNS based tests against the sender, both 
> IP4R and RHSBL.
> 
> Perhaps 10-12 matter.
> 
> Due to false positives, I rate most of them relatively low 
> and have built up their weights as a balancing act.  That act 
> is greatly assisted by using a weighting system and not 
> "reject on first hit", and furthered by being able to do 
> "combo tests" such as the example Nick offered on a different 
> thread this morning.
> 
> SPAMHAUS XBL (CBL and the Blitzed OPM), SPAMCOP, FIVETEN, 
> MXRATE-BL are consistent good performers for me.
> 
> Tests that I try out tend to stay in my configuration after 
> they've become inutile as long as they do no harm.  I groom 
> the lists perhaps four times per year.
> 
> Andrew 8)
> 
> 
> 
> > -----Original Message-----
> > From: Message Sniffer Community
> > [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> > Sent: Tuesday, June 06, 2006 6:26 AM
> > To: Message Sniffer Community
> > Subject: [sniffer]A design question - how many DNS based tests?
> > 
> > Hello Sniffer Folks,
> > 
> > I have a design question for you...
> > 
> > How many DNS based tests do you use in your filter system?
> > 
> > How many of them really matter?
> > 
> > Thanks!
> > 
> > _M
> > 
> > --
> > Pete McNeil
> > Chief Scientist,
> > Arm Research Labs, LLC.
> > 
> > 
> > #############################################################
> > This message is sent to you because you are subscribed to
> >   the mailing list <sniffer@sortmonster.com>.
> > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To 
> switch to 
> > the DIGEST mode, E-mail to <[EMAIL PROTECTED]> 
> To switch 
> > to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send 
> > administrative queries to  <[EMAIL PROTECTED]>
> > 
> > 
> 
> 
> 
> 
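
The weighting approach discussed in this thread (small per-list weights, a combo test over the most reliable lists, country-dependent weights, and the DNS outage described in the top message), sketched as an added example that is not part of the original messages. Zone names, weights, the combo bonus and the country factors are constructed assumptions; lookup results are passed in rather than resolved, so it runs offline.

```python
import ipaddress

HOLD_WEIGHT = 100  # assumed score at which a message is held

# Constructed zone names; each weight is 1-10% of HOLD_WEIGHT, as in the post.
WEIGHTS = {"xbl.example": 10, "spamcop.example": 8,
           "fiveten.example": 4, "misc.example": 2}
RELIABLE = {"xbl.example", "spamcop.example"}  # members of the combo test
COMBO_MIN_HITS = 2   # assumed: combo fires when this many reliable lists agree
COMBO_WEIGHT = 40    # assumed extra weight added when the combo fires
# Assumed country factors: (zone, country) first, then (zone, None) as default.
COUNTRY_FACTOR = {("fiveten.example", "US"): 1.0,
                  ("fiveten.example", None): 0.25}


def ip4r_name(ip, zone):
    """Build the IP4R query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def score(results, country):
    """results maps zone -> True (listed), False (not listed), None (lookup failed)."""
    total = 0.0
    hits = set()
    for zone, listed in results.items():
        if listed:
            default = COUNTRY_FACTOR.get((zone, None), 1.0)
            total += WEIGHTS[zone] * COUNTRY_FACTOR.get((zone, country), default)
            hits.add(zone)
    combo = len(hits & RELIABLE) >= COMBO_MIN_HITS
    if combo:
        total += COMBO_WEIGHT
    failed = [zone for zone, listed in results.items() if listed is None]
    return {
        "score": total,
        "combo": combo,
        "hold": total >= HOLD_WEIGHT,
        # Every lookup failing points at the resolver or firewall, not at a
        # clean sender, so it should raise an alert instead of scoring zero.
        "resolver_suspect": bool(results) and len(failed) == len(results),
    }
```

With these assumed weights, DNS-based hits alone never reach the hold weight; they only contribute alongside other tests, and a run of messages flagged `resolver_suspect` is the signal to check DNS reachability.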


