We recently decided to go through our spamtraps (E-mail addresses designed to collect spam), to find out which spam tests were most effective at catching spam. Given how much spam has increased lately (the daily volume of spam to our spamtraps has about doubled in the past 2 months), we felt this would be of interest. The results are based on over 5,000 spams that were received, all in April, 2002.
The following is a list of tests that we run against the E-mails arriving at the spamtrap, and what percentage of the spam they caught (it will be easier to read if you use a fixed-width font): WEIGHT10 96.99% WEIGHT20 86.85% SNIFFER 77.38% SPAMCOP 70.73% REVDNS 51.68% NJABL 49.92% SPAMHEADERS 47.95% ORDB 39.71% HEUR10 37.90% FREEMAIL 30.14% RSL 28.87% MONKEYPROXIES 28.79% NOABUSE 27.33% DORKS 25.84% ROUTING 25.73% POSTFIXGATE 22.70% OSRELAY 22.22% BADHEADERS 22.20% XBL 19.77% DORKZTL 17.31% DSBLALL 16.56% OSPROXY 13.69% OSSRC 13.69% NOPOSTMASTER 13.21% HEUR9 12.70% DSN 11.03% IPWHOIS 9.52% SPAMHAUS 9.20% HEUR8 7.95% DSBL 7.79% FABELSOURCES 7.21% BADWHOIS 7.17% DEWS 7.15% BLITZEDSOCKS 6.62% BLARSBL 6.38% BLITZEDHTTP 4.30% SUMMIT 4.17% OSSOFT 3.41% KITHRUP 2.32% MAILFROM 2.08% MONKEYFORMMAIL 1.11% PIGS 0.93% ABL 0.85% NJABLDUL 0.64% OSDUL 0.34% DEVNULL 0.29% BLITZEDWINGATE 0.27% COMPU 0.05% The WEIGHT10 and WEIGHT20 tests are just a weighting system that assigns a weight to each E-mail, based on the spam tests that fail, so they don't really count as spam tests by themselves. The two best tests by far are SNIFFER ( http://www.sortmonster.com ) at 77.38% and SPAMCOP ( http://www.spamcop.net ) at 70.73%. The next three entries (REVDNS, NJABL, and SPAMHEADERS) all have fairly high false positives, which makes them a poor choice to block mail on (although they help a lot for the weighting, and can be used to mark spam with a standard "X-RBL-Warning:" header for example), with no other tests alone catching over 40% of the spam. More information on most of the various spam tests shown above can be found at http://www.declude.com/junkmail/support/ip4r.htm . -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
