Excellent info Terry, I agree, reducing false positives is a chore and a half. I didn't realize he was reporting an FP rate, the numbers just seemed to high. I've had similar experience to yours, spam at about 50-60% of volume, some users way more polluted than others, and much less spam on the weekends. My take is that its the difference between professional spammers and amateur spammers. The pro's generate more volume but operate 9-5, M-F so peak days are Tuesday through Thursday. Amateurs work in their off time, evenings and weekends, and are harder to catch but generate less total mail. Accordingly, getting through an entire weekend without a single spam getting through is my current ambition.
I don't measure FPs in % but rather in number of instances per day/week. The tough part for me is that when spam gets through I generate new tests, some of which invariably need modification or deletion to avoid catching the good stuff. I've gotten much better, but its a frustratng combination of "to add rules or not to add rules". I put in a bunch of new tests 2 weeks ago and had 5 instances for each of several days. Last week I was better and have only seen 2 for the whole week. This is for ~200 mailboxes over 8 domains. Thanks Dan On Sunday, October 6, 2002 6:50, Smart Business Lists <[EMAIL PROTECTED]> wrote: >Dan, > >Saturday, October 5, 2002 you wrote: >DP> 70%? I believe the spam filter that comes free with Mac OS 10.2 >DP> does that well by itself, though I haven't tested it for >FPs yet. > >The original poster, Keith Purtell, (subject "Newbie question about >baseline") was wondering about the volume of trapped messages he was >finding in his hold directory. He reported about 200 users, 250 >messages normally in his spam directory on a daily basis, but 1000 on >a particular Monday. > >We host only a little more than 200 users in 40 or so domains. In >September our mail server handled 37,763 messages of which 17,153 >(47%) were trapped as spam. But we inspect these messages prior to >deleting and found 174 were not spam and which were passed on to the >intended recipients. So for our 200 users on a daily basis we are >deleting about 566 messages on average while passing a few more than >that. Our known false positive rate is about 1%. > >The number of spam messages per user has definitely increased during >the last few months. And it seems to be continuing to increase. >However, I am not certain it is increasing more than e-mail usage in >general which is definitely increasing. E-mail users are sending and >receiving more e-mail. > >Some SPAM still makes it through to our users. We estimate for >heavier volume users this ranges from 0 to 5 messages per day but >about 1 message per day on average. We think this is pretty good. >Most of our users also think it is pretty good although a few believe >that even 1 spam message indicates total system failure. > >We have users that receive from hundreds of messages per day down to 1 >or 2 messages per week. So how someone feels about spam that makes it >through our system to them is a bit proportional to the volume of mail >they handle as well as their own psychology. > >The spam that does make it through usually has failed no tests at all >on the server. Desktop filters are so different and so individualized >that I think it would be hard to conclude much about them in >general. > >For instance with the Bat! that I use I can write various kinds of >filters including programs. I can filter for words, regular >expressions, and known/unknown senders based on my address book. If I >used the latter (which I don't) I could easily mark more than 70% of >my messages as spam. However, almost 100% of that would be false. And >"false positives" are the problem with all filtering systems in my >experience. It is quite easy to mark a large percentage of mail as >spam. What's hard is reducing the false positive rate. I would not >expect the MAC system to be different. > >In our system it was employing SNIFFER as part of our weighting system >that provided us the greatest benefit in reducing false positives. >Before SNIFFER we were in the 3% to 4% range and after SNIFFER we've >been able to reduce that to 1%. So we believe the great benefit of >SNIFFER for us has been in reducing false positives. This is >especially important for us since we do inspect spam messages before >deleting. > >SNIFFER's false positives remain in the subscribed lists but we've >managed to improve that with Scott's negative weighting. > >On weekends our SPAM rate increases to 60% and sometimes greater and >our false positive rate falls to .2% or lower. Total volume usually >decreases though. > > >Terry Fritts > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
