Scott,

The idea behind DUL-COMBO is that a dynamic/residential IP is a dynamic/residential IP, so it doesn't make sense to variably score the IP based on how many DUL tests it hits. What I did was test something like 9 different DUL tests and I excluded the ones that had false positives, primarily for listing business DSL space. I was left with 4 DUL lists that never false positive according to the IP (as far as I can tell), but of course sometimes people do set up servers on DUL space and they get caught with this test. I score the tests with zero points in Global.cfg, but then use a custom filter that will give any and all DUL hits a total score of 8 on my system (mostly hold on 13, sometimes 10). This has worked beautifully.

If you wanted to do a PROXY-COMBO test, I'm afraid that this might not be nearly as effective/useful. Take note that I weeded out DUL lists that had any wrong space listed in them, but with open relay lists, there are false positives everywhere, primarily because the zone administrators don't properly retest, expire, or take any action whatsoever to remove old nominations. ORDB is the best known open relay list, and their delisting process is ridiculously convoluted, and even impossible for some depending on their mail server.

In a sense, you benefit from multiple hits on open relay-type tests, because the more lists that an IP appears in, the more likely that it is an active open relay, but if you combo-ed it, you would be making the test only as reliable as the most out of date test, and that would change from IP to IP.

While I would discourage this, I would encourage combo-ing the FIVETEN open relay tests because they will often hit in doubles or triples, and they will false positive under those circumstances as well (it's a very poor design on their part).

If you are looking for opportunity, look for killer patterns such as the combination of an open relay with a hit on SpamCop, or an XBL hit plus SpamCop, and there are dozens of killer combinations that have an extremely minute chance of throwing a false positive.

Matt


Scott Fisher wrote:

I tripped across an e-mail from February where you put together a combo test for the 
DULs. Of course, I can't find that message again.

I am considering one for PROXY-COMBO with a maxweight so I can avoid piling on too many points from multiple databases, yet I can still score the -DYNA and -ALL for small scores that may be false positives.

Can you expound on your COMBO-DUL test again?

Scott Fisher
Director of IT
Farm Progress Companies

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.





--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
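
A small Python model of the scoring described in the reply above, added here as an illustration; it is not Declude filter syntax and not the filter from the message. The list names DUL-A through DUL-D, the individual weights and the bonus for the paired tests are constructed; only the DUL-COMBO score of 8 and the hold threshold of 13 come from the message.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Combo:
    name: str
    members: frozenset
    score: int
    require_all: bool = False  # False: any member hit fires; True: all must hit

DULS = frozenset({"DUL-A", "DUL-B", "DUL-C", "DUL-D"})  # constructed names

# Individual weights (constructed). DUL tests score zero on their own, as in
# the message; only the combo contributes points for them.
WEIGHTS = {**{d: 0 for d in DULS}, "ORDB": 4, "SPAMCOP": 6, "XBL": 7}

COMBOS = [
    Combo("DUL-COMBO", DULS, 8),  # score of 8 is from the message
    # Paired tests: bonus values are assumptions, the message gives none.
    Combo("XBL+SPAMCOP", frozenset({"XBL", "SPAMCOP"}), 5, require_all=True),
    Combo("RELAY+SPAMCOP", frozenset({"ORDB", "SPAMCOP"}), 5, require_all=True),
]
HOLD_AT = 13  # hold threshold from the message

def score(hits):
    """Return (total, fired_combo_names) for the set of tests an IP hit."""
    hits = set(hits)
    unknown = hits - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown test(s): {sorted(unknown)}")
    total = sum(WEIGHTS[h] for h in hits)
    fired = []
    for c in COMBOS:
        matched = c.members <= hits if c.require_all else bool(c.members & hits)
        if matched:
            total += c.score
            fired.append(c.name)
    return total, fired

def per_list_score(hits, per_hit=3):
    """Contrast case: each DUL list adds points, so the total varies with coverage."""
    return per_hit * len(DULS & set(hits))

def action(hits):
    return "HOLD" if score(hits)[0] >= HOLD_AT else "DELIVER"

if __name__ == "__main__":
    for sample in ({"DUL-A"}, set(DULS), {"DUL-B", "SPAMCOP"}, {"XBL", "SPAMCOP"}):
        print(sorted(sample), score(sample), per_list_score(sample), action(sample))
```

One DUL hit and four DUL hits both total 8 under the combo, while the per-list contrast gives 3 and 12 for the same kind of address.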

