eddie,
Monday, October 14, 2002 you wrote:
EP> New user to JunkMail here..
Welcome to the war.
EP> I know that Declude has a spam trap. Is there data available on
EP> this to determine how effective each test is?
Scott posts his monthly spam stats to the IMAIL forum - see
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
search for "Spam Statistics" or for September see
http://www.mail-archive.com/[email protected]/msg58649.html
I think a lot of others keep stats on test results but I don't
think I've seen them widely posted. There are 3rd party programs
to help you monitor tests and results. See
http://www.declude.com/tools/index.html
EP> I am very interested in expanding our definitions from the current
EP> defaults, but before I can do that, I kinda would like to see how
EP> each test compares at a bigger sampling.. Or is everyone going
EP> on different pathways...
My experience indicates that communities are sufficiently
different to require research and subsequent changes. The
September and August reports from Scott referenced above will
certainly give you a larger picture.
The problem is not so much trapping messages, as that is easy, but
not trapping legitimate (and wanted) messages that fail tests.
There are a good many blacklists of IPs and addresses posted all
over the web and there are contributors both here and on the IMAIL
list that post such lists. But for the most part where I have
tried these in the past I just end up having to weed out more
false spam messages.
EP> Also, how can I create a spam trap,
discussed at
http://www.mail-archive.com/[email protected]/msg02642.html
and try a google on the phrase "create a spam trap"
EP> to evaluate how effective each test is to properly setup each
EP> weights e.g. Is there a test that is 100% effective in
EP> identifying spam like helobogus
There is really nothing that 100% of spam fails and 100% of
non-spam doesn't fail as far as I know.
I fail on the single tests: ORDB, MAILFROM, PERCENT, SNIFFER, and
one IP blacklist. All other tests have to accumulate to a fail
weight.
EP> recommend on how new users should approach to building a better
EP> and efficient definitions...
It depends a bit on what you want to do. You can take a wholesale
approach and delete or mark many messages and try to figure out a
way to move the responsibility downstream to the user - or not.
Or you can take a more granular approach and try to refine your
system so that you are more and more effective on trapping spam
and reducing false positives.
In the former case it doesn't matter too much what you do.
In the latter though you have to develop a review strategy for
your spam control system. It is not something you can do just once
and forget because things change.
1) develop a review strategy
   a) LOG action and then review Declude logs
   b) HOLD action and then review with a program like spam review
      (you have to add lines to the header to indicate tests
      failed and weights)
   c) combination of a and b
2) develop your own weighting system
   a) some have several levels with different actions
   b) I use pass/HOLD but I review HOLD
3) the Plus and Minus weights with filters are very good and allow
   really good tweaking
4) develop actions you can manage
   It is not possible for very high volume systems to hold and
   review messages as an example.
I think it is better to start simpler and then gradually add
complexity as you understand what is happening.
Another very good tool for us was Sniffer - see
http://www.sortmonster.com/MessageSniffer/
helped reduce our false positives to about 1% from 4%
EP> Is there a tool available that will read the junkmail logs and
EP> break down each test as to their effectiveness?
http://www.declude.com/tools/index.html
lots of good things reported about spam review.
HTH
Terry Fritts
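
Added example (not part of the original message and not Declude's own code): one way to score each test against a hand-reviewed sample and to check a weight set before changing it, following the "fail on single tests, everything else accumulates to a fail weight" scheme described above. The record layout, the weights, the threshold, the sample messages and the REVDNS and BADHEADERS entries are constructed assumptions; the other test names come from the message.

```python
from collections import Counter

# Tests that fail a message on their own (the ones named in the message above).
SINGLE_FAIL = {"ORDB", "MAILFROM", "PERCENT", "SNIFFER"}
# Constructed weights for tests that only accumulate (assumed values).
WEIGHTS = {"HELOBOGUS": 4, "REVDNS": 3, "BADHEADERS": 5}
FAIL_WEIGHT = 8  # assumed HOLD threshold

# Constructed hand-reviewed sample: (tests the message failed, reviewer verdict).
SAMPLE = [
    ({"ORDB", "HELOBOGUS"}, "spam"),
    ({"SNIFFER"}, "spam"),
    ({"HELOBOGUS", "BADHEADERS"}, "spam"),
    ({"REVDNS", "BADHEADERS"}, "spam"),
    ({"REVDNS"}, "spam"),
    ({"HELOBOGUS"}, "ham"),
    ({"REVDNS", "HELOBOGUS"}, "ham"),
    ({"MAILFROM"}, "ham"),
    (set(), "ham"),
    (set(), "ham"),
]

def is_held(tests, weights=WEIGHTS, fail_weight=FAIL_WEIGHT):
    """HOLD when a single-fail test hit or the summed weight reaches the threshold."""
    if tests & SINGLE_FAIL:
        return True
    return sum(weights.get(t, 0) for t in tests) >= fail_weight

def per_test_stats(sample):
    """Map each test to (hits on reviewed spam, hits on reviewed ham)."""
    spam, ham = Counter(), Counter()
    for tests, verdict in sample:
        (spam if verdict == "spam" else ham).update(tests)
    return {t: (spam[t], ham[t]) for t in sorted(set(spam) | set(ham))}

def outcome(sample, **kw):
    """Return (share of spam held, share of ham held) for a weight set."""
    spam = [t for t, v in sample if v == "spam"]
    ham = [t for t, v in sample if v == "ham"]
    caught = sum(is_held(t, **kw) for t in spam)
    false_pos = sum(is_held(t, **kw) for t in ham)
    return caught / len(spam), false_pos / len(ham)

if __name__ == "__main__":
    for name, (s, h) in per_test_stats(SAMPLE).items():
        print(f"{name:<11} spam={s} ham={h}")
    for fw in (8, 7, 3):  # lowering the threshold trades catch rate for false positives
        print(fw, outcome(SAMPLE, fail_weight=fw))
```

In this constructed sample HELOBOGUS hits ham as often as spam, which is why it carries a weight rather than failing a message on its own.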