It took about 1 minute to figure out that this will be a very valuable test as I'm seeing similar hit rates. What matters most though is the type of thing that will FP, and what other tests will generally fail along with it. I'm guessing that an FP with CMDSPACE will probably also tend to FP with BADHEADERS, and I might need to balance that out.
Actually, that's one reason why this test should be so useful. An E-mail should only fail both CMDSPACE and BADHEADERS if [1] the MUA and MTA are the same, and *seriously* broken (as is the case with spamware), or [2] the MUA and MTA are separate, but both broken. #1 is the case with some web mailers, but time should tell whether or not E-mail is likely to fail both tests.
Could you describe that one FP that you found so that I know what to look out for? Was this an instance where some small-time newsletter sender was using the same bad software that the spammers use, or was it something else like some Web script? If it's really rare and tied to an X-Mailer, maybe we could counterbalance it with a filter???
It was sent with Lotus Notes, but connecting to the IP of their mailserver shows "220 SMTP Proxy Server Ready", so they are likely running a special proxy server. Interestingly, the only Google hits for "SMTP Proxy Server Ready" appear to be on servers run by spammers. :)
Regardless, it appears that the FP rate of this thing will far out perform any other technical tests as well as the hit rate. That's HUGE!
It does appear to be huge. Let's hope it really is, and that it lasts. :)
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
