One more comment...
The new Declude test
HELO-DYNAMIC dynhelo x x 50 0
works almost as well as the HELOISIP external test. And it is built in.
----- Original Message -----
From: "Markus Gufler" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, July 26, 2005 5:37 PM
Subject: RE: [Declude.JunkMail] RBL's becoming worthless...
Chuck,
Here some numbers from my side:
100k messages in the last 7 days
50.5% identified as legit, 49.5% as spam (viruses was filtered out before)
The best IP4R-based tests was
CBL (21%, 0.37%FP), SPAMCOP (21%, 0.47%FP) and XBL-DYNA (19%, 0.27%FP)
So they catch less then 50% of incoming spam without creating a
significant
number of false positives.
FIVETEN-SRC was able to catch 24% of spam but has also had FP's on around
6%
of all processed messages.
A text-filter combining the results of different IP4R-based tests has
reached a catch rate of 36%. I consider it the current maximum that can be
reached with IP4r-based tests by having a - let's say - moderate number of
false positives.
INV-URIBL instead can catch 37% of all messages as spam and I must say
that
up to now I haven't had time to try improving the INV-URIBL configfile.
(Any
suggestion is welcome!) It's also important that the number of FP's for
this
test is near to zero.
SNIFFER was able to catch 47% of all spam messages but I must also say
that
there was a significant number of false positives (5%). Most of them
generated by SNIFFER-GENERAL and SNIFFER-RICH.
SPAMCHK has had correct results on around 45% of all messages, but also
had
around 7% of FP's
Other excelent tests was CMDSPACE (30%, 1%FP) and HELOISIP (13%, 0.17%FP)
Due to Decludes weighting system and the combination of all this tests I
can
see between 10 and 20 spam messages each month in my inbox, by catching
more
then 300 spams each day.
Markus
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
Sent: Tuesday, July 26, 2005 7:57 PM
To: Declude. JunkMail
Subject: [Declude.JunkMail] RBL's becoming worthless...
In the last several months we have seen large quantity of
spam coming from IP blocks that never seem to get listed on
any RBL. Spamcop is about the only one that picks some of
them up and once in awhile spamhaus. There was a block last
night that sent several hundred and sendbase.org showed they
had detected no email from that block.
The reason I bring this up is because when we first started
blocking spam I would say the blacklists would catch almost
90% so we relied heavily on the blacklist. With the
blacklists not being as effective we need to rely on other
tests like sniffer but that misses alot also.
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be
found at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
