Hello Alberto, In earlier times we had a philosophy that no single test should trap a message. The idea was that my combining tests the accuracy of the filter system would always (qualified) be improved.
The blackhats have become extremely aggressive about burning IPs and generating image spam and/or other abstracted, short lived, and narrowly targeted campaigns. As a result of these changes, it is often the case that our abstract rules are the only thing that will fire on a message. The bad news is that holding on any single test will probably lead to more false positives. The good news is that SNF:Experimental/Abstract has a very low false positive rate. It may be time to alter our philosophy w/ regard to the experimental/abstract rules group and recommend that wherever practical, messages should probably be held (not deleted) based on a hit in this rule group. Hope this helps, _M Monday, October 9, 2006, 5:59:44 PM, you wrote: > Hello > I'm getting storms of spam and Sniffer sets them as (Experimental > Abstract) > Can someone explain how have I to treat them? > Many thanks in advance > Alberto > ############################################################# > This message is sent to you because you are subscribed to > the mailing list <sniffer@sortmonster.com>. > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> -- Pete McNeil Chief Scientist, Arm Research Labs, LLC. ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
