On Tue, 3 Jul 2012, Daniel McDonald wrote:
On 7/3/12 9:24 AM, "Axb" <[email protected]> wrote:
On 07/03/2012 04:14 PM, John Hardin wrote:
On Tue, 3 Jul 2012, Kevin A. McGrail wrote:
On 7/3/2012 10:00 AM, Axb wrote:
score FROM_12LTRDOM 3.5
Even with lots of conditions, a 12 letter domain is nothing
extraordinary, especially in the eurozone.
Or elsewhere... However, it is much loved by spammers for some odd reason.
{snip}
I see a huge overlap with URIBL_BLACK and URIBL_INVL (invaluement). Also
RAZOR2_CF_RANGE_E8_100
As a meta with URIBL_BLACK it would probably be fine for 3.5 points. The
other rules tend to be pretty clear kills anyway.
meta'ing it with URIBL_* makes it a NET rule, which I'm trying somewhat to
avoid, and meta'ing it with another highly-effective rule moves the hit
spike out of the low-scoring-spams domain, which is reduces its utility.
I'd be willing to make it a subrule and investigate combinations with
other spammy rules, rather than trying to reduce its FPs through
exclusions.
reducing FPs is not possible, no matter how much you dance around it,
and not even worth it.
As a user of a 12 letter domain, I'd prefer to have it as a meta with some
other strong rules than a standalone rule.
I'll do some restructuring and then start analyzing spam overlap. In the
meantime I will set a low score limit.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
A sword is never a killer, it is but a tool in the killer's hands.
-- Lucius Annaeus Seneca (Martial) 4BC-65AD
-----------------------------------------------------------------------
Tomorrow: the 236th anniversary of the Declaration of Independence
