Hello, All, I am pushing hard to learn as much about Declude.JunkMail as my time allows during the trial period. I think I installed on February 11th so I'm about 17 days into the trial.
I was hoping to get some feedback from the list as far as things I might have looked over and might want to consider looking into next. Just to bring things up to speed... I am currently testing Declude.JunkMail Beta v1.67. I have isolated 2 "in-house" hosts (out of the 90 we have on our IMail server) for testing purposes. For each host I did some pre-analysis to find out what an ideal "hold weight" would be for each. For the first host, with the domain name NEXUSTECHGROUP.COM, I came up with WEIGHT13 as my "hold weight". For the second host, with the domain name PAGEROVER.COM, I came up with WEIGHT12 as my "hold weight". NEXUSTECHGROUP.COM probably gets about 90% legitimate e-mail and PAGEROVER.COM probably gets about 95% (or higher) spam e-mail. Once I set up the "hold weight" most spam immediately started being caught by Declude. Those who receive e-mail at those domains were very impressed. But there are still the occasional spam e-mail which make it under the threshold of the "hold weight". To further fine tune Declude.JunkMail I have done 2 things, one which was my idea (and I'm comfortable with) and another which was done to please my boss, which I don't necessarily agree with: Fine Tuning #1: This is the one I am comfortable with... In addition to the "hold weight" I also hold e-mail for a test that I created called SENDERBLOCK. SENDERBLOCK is defined in GLOBAL.CFG as "SENDERBLOCK fromfile D:\iMail\declude\senderblock.txt x 0 0". This is based upon the test described in the "Your own sender blacklists" section of the Declude.JunkMail. Whenever a spam e-mail slips under my "hold weight" I add the sender's domain (provided it's an obvious spamming domain) to this list. That test has helped to filter a few more spam e-mails out of my user's inboxes. Fine Tuning #2: This one I'm less comfortable with... My boss noticed that a number of the spam e-mails that were still slipping in underneath the "hold weight" were failing the test SPAMCOP. He wanted to know how come I wasn't filtering out all e-mails that failed that test as, from his estimation, the SPAMCOP test was using a list of known spammers. I explained in detail the information I gleamed from the Declude.JunkMail web site and the SPAMCOP web site about the accuracy of the SPAMCOP test. I know that the SPAMCOP test finds mail server which have a high incidence of spam to legitimate e-mail but that real e-mail can pass through those servers. I told him I'd rather continue to filter on "spam domains" (via SENDERBLOCK) and that I was trying to avoid catching any legitimate e-mail altogether. I'm trying to set the bar low enough so that a) most spam is caught, b) no legitimate e-mail is caught and then c) filtering further for actual identified spam e-mails. He thinks it's too much overhead to add each domain name whereas I think over time as I add more and more domains to the list the number of domains I have to add will go down considerably. Needless to say I gave in and just started holding for the SPAMCOP test because I really didn't feel like taking the time to turn him over to my spam blocking philosophy. So that's basically where I'm at right now and from this I've come up with a number of questions and/or comments I am looking for feedback on. Mostly I'm looking for "best practices" sorts of answers from the community as a whole... #1) Are there are any other tests, which I am missing, like the SENDERBLOCK test which I might want to consider adding to my bag of tricks to continue to filter out spam e-mail which slide in under my "hold weight" and also fall in line with my philosophy, i.e. catching legit e-mail is a bad thing? #2) Am I correct in my assumption that holding for SPAMCOP is a bad idea or is there so little legitimate e-mail passing through a server on the SPAMCOP list that if I am holding on that test the chance of actually catching legit e-mail is pretty low? #3) In addition to what I've learned about about Declude.JunkMail itself, I've also started using two of the 3rd-party freeware tools that have been released by Declude devotees, SpamReview and Delog. SpamReview is great and I use it every day to take a quick look at all of the e-mail that is being held by Declude.JunkMail. I haven't gotten to work with Delog as much but it seems pretty cool. Are there any other 3rd-party tools which I also might want to look closer at? #4) Since I established my "hold weights" I think Declude has only held 2 pieces of legitimate e-mail. I looked at them briefly in SpamReview before requeuing but I couldn't figure a good way to make sure that those would have passed through. I hesitate to up my hold weight (for 2 pieces of e-mail) and I'd rather just have a test that I could use to make certain domains (or users) exempt from Declude.JunkMail. Sort of like SENDERBLOCK but in reverse. Is there any good test for that? #5) Is the way that I'm doing things: a) establishing a "hold weight", b) directly blocking spam e-mail which is below the "hold weight", c) passing through legit e-mail above the "hold weight" (once I figure out how to do it), pretty much the way that a Declude.JunkMail beginner would want to start off doing things? If not, what are some of the other paths that a Declude.JunkMail beginner might take? If so, what is a good "next step" that I might want to look into? Well, I think that's pretty much it for now. I apologize in advance for the novel-length posting. All comments and feedback are appreciated! Thanks, Much! Dan Geiser [EMAIL PROTECTED] ==================================================================== This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
