On 7/3/12 9:24 AM, "Axb" <[email protected]> wrote:
> On 07/03/2012 04:14 PM, John Hardin wrote:
>> On Tue, 3 Jul 2012, Kevin A. McGrail wrote:
>>
>>> On 7/3/2012 10:00 AM, Axb wrote:
>>>> score FROM_12LTRDOM 3.5
>>>>
>>>> Even with lots of conditions, a 12 letter domain is nothing
>>>> extraordinary,
>>>> especially in the eurozone.
Or elsewhere... However, it is much loved by spammers for some odd reason.
>>>>
>>>> Imo, this rule should be applied locally by the person who suggested as
>>>> per comment:
>>>>
>>>> # 12-letter domain names, suggested by Len Conrad on the users list
>>>>
>>>> Votes to see it go away? (even scoring low is asking for trouble)
>>>>
>>>> Axb
>>>
>>> Agreed. Sounds a bit silly to me. +1 to remove. Would have to be a
>>> meta rule.
>>
>> It _is_ a meta rule, with FP exclusions. Unfortunately that approach is
>> only as reliable as the masscheck corpus is reliable and broad.
>
> not really - No way I could put my production ham mail in a corpus bin
> to make it score "useless" but I can count >1.2 milllion hits where
> that rule could have FPd, had I not lowered the score to 0.001, (to
> watch it)
I see a huge overlap with URIBL_BLACK and URIBL_INVL (invaluement). Also
RAZOR2_CF_RANGE_E8_100
As a meta with URIBL_BLACK it would probably be fine for 3.5 points. The
other rules tend to be pretty clear kills anyway.
>
>> I'd be willing to make it a subrule and investigate combinations with
>> other spammy rules, rather than trying to reduce its FPs through
>> exclusions.
>
> reducing FPs is not possible, no matter how much you dance around it,
> and not even worth it.
>
As a user of a 12 letter domain, I'd prefer to have it as a meta with some
other strong rules than a standalone rule.
> Sorry... I can't agree
>
> Axb
>
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281
