The following is a list of tests that we run against the E-mails arriving at the spamtrap, and what percentage of the spam they caught (it may be easier to read if you use a fixed-width font):
WEIGHT10         99.63%  [FP:~1%]
WEIGHT20         98.48%  [FP:~5%]
SPAMCHK          95.50%  [FP:~50%]
SNIFFER          94.98%  [FP:~2%]
CYBERSITTER      94.06%  [FP:~5%]
IPNOTINMX        81.94%  [FP:~22%]
WIREHUB-DNSBL    79.17%  [FP:~1%]
SPAMCOP          70.66%  [FP:~1%]
XBL              69.14%  [FP:~70%]
MAILDEFLECTOR    46.17%
DSBLALL          41.61%
DSBL             40.44%
MONKEYPROXIES    37.60%
SPAMHEADERS      36.82%
REVDNS           36.68%
SPAMHAUS         36.57%
OSSOFT           34.47%
FREEMAIL         32.15%
DORKZTL          31.39%
NOPOSTMASTER     30.78%
HELO             27.18%
BLITZEDALL       26.83%
BADHEADERS       26.43%
OSSRC            24.47%
INTERSIL         24.41%
POSTFIXGATE      23.75%
NOABUSE          22.58%
BLARSBL          20.88%
BADWHOIS         18.06%
FIVETENDUL       17.62%
FIVETENSRC       15.44%
OSPROXY          15.26%
BASE64           13.09%
ROUTING          12.05%
VOX              10.84%
IPWHOIS           8.57%
DNSRBL-SPAM       7.78%
NJABL             7.19%
SPAMBAG           6.79%
FIVETENIGNORE     6.11%
FABELSOURCES      5.45%
OSRELAY           5.44%
FIVETENOPTIN      5.34%
DSN               5.26%
KUNDENSERVER      4.70%
BLITZEDHTTP       4.41%
ORDB              4.09%
DELINK            3.57%
LNGSDUL           2.74%
DNSRBL-DUN        2.73%
MAILFROM          2.19%
DORKS             2.13%
BLITZEDSOCKS      2.13%
NJABLDUL          2.02%
COMPU             1.98%
WIREHUB-DYNA      1.78%
KITHRUP           1.70%
PIGS              1.47%
COMMENTS          1.35%
DSBLMULTI         1.20%
OSDUL             0.75%
DEVNULL           0.40%
ABL               0.40%
FIVETENOTHER      0.33%
LNGSBLOCK         0.25%
NONENGLISH        0.18%
FIVETENMULTI      0.17%
JIPPG-DUL         0.14%
DORKRELAYS        0.13%
FLOWGO            0.11%
DNSMAILLIST       0.08%
FIVETENWEBFORM    0.06%
BLITZEDWINGATE    0.06%
DNSUCE            0.03%
OSLIST            0.01%
The WEIGHT10 and WEIGHT20 tests are a weighting system that assigns a weight to each E-mail, based on the spam tests that fail, so they don't really count as spam tests by themselves (but they show that you can catch as much as 98-99% of spam with extremely few false positives). It is also important to note that different tests are more likely to produce false positives (such as the IPNOTINMX, XBL, REVDNS, and SPAMHEADERS tests, which all catch a lot of spam, but catch a lot of legitimate mail as well); those tests are best used in a weighting system, so E-mail will only be marked as spam if it fails a combination of tests.
There are 3 tests that caught over 90% of the spam in our spamtraps: SPAMCHK ( http://www.riedmann.it/spamchk/ ) at 95.50%, SNIFFER ( http://www.sortmonster.com ) at 94.98%, and CYBERSITTER ( http://www.spammanager.com ). All tests that caught over 50% of the spam have an approximate false positive percentage as well.
For false positives, the rate would be much lower if we whitelisted legitimate-but-poorly-maintained mailservers. Also, the false positive rate is based on a portion of legitimate E-mail that we process here; different false positive rates may be found with different types of E-mail (for example, the false positive rates for SPAMCHK, SNIFFER, and CYBERSITTER are disproportionately high, as they examine the content of E-mail, and we receive a lot of legitimate E-mail that has copies of spam in it).
More information on most of the various spam tests shown above can be found at http://www.declude.com/junkmail/support/ip4r.htm . You can look up an IP address using the Spam Database Lookup tool at http://www.DNSstuff.com to see what spam databases it is listed in. The most recent 20 spams in our spamtraps, and the tests they failed, can be found at http://www.declude.com/spamtrap.htm .
-Scott
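The weighting idea described in the message above, as an added example that is not part of the original post or of Declude's code: it compares flagging on a single high-false-positive test with flagging on a summed weight. The per-test weights, the sample corpus, and the reading of WEIGHT10/WEIGHT20 as total-weight thresholds of 10 and 20 are assumptions made for illustration.

```python
# Hypothetical per-test weights (assumption; the post does not list the real ones).
WEIGHTS = {
    "SNIFFER": 8, "SPAMCOP": 7, "XBL": 4,
    "IPNOTINMX": 3, "REVDNS": 3, "SPAMHEADERS": 3,
}

# Constructed sample corpus: (is_spam, set of tests the message failed).
CORPUS = [
    (True,  {"SNIFFER", "SPAMCOP", "XBL", "REVDNS"}),
    (True,  {"SPAMCOP", "XBL", "REVDNS"}),
    (True,  {"SNIFFER", "IPNOTINMX"}),
    (True,  {"XBL", "IPNOTINMX", "REVDNS"}),
    (True,  {"REVDNS"}),
    (False, {"IPNOTINMX"}),
    (False, {"XBL"}),
    (False, {"REVDNS", "SPAMHEADERS"}),
    (False, {"XBL", "IPNOTINMX"}),
    (False, set()),
]

def total_weight(failed):
    """Sum the weights of the failed tests; unknown test names count as 0."""
    return sum(WEIGHTS.get(name, 0) for name in failed)

def rates(corpus, is_flagged):
    """Return (catch rate on spam, false-positive rate on legitimate mail)."""
    spam = [f for is_spam, f in corpus if is_spam]
    ham = [f for is_spam, f in corpus if not is_spam]
    if not spam or not ham:
        raise ValueError("corpus needs both spam and legitimate samples")
    caught = sum(1 for f in spam if is_flagged(f))
    false_pos = sum(1 for f in ham if is_flagged(f))
    return caught / len(spam), false_pos / len(ham)

def weight_rule(threshold):
    """Flag a message when its total weight reaches the threshold."""
    return lambda failed: total_weight(failed) >= threshold

def single_test_rule(name):
    """Flag a message as soon as it fails the one named test."""
    return lambda failed: name in failed

if __name__ == "__main__":
    for label, rule in [("XBL alone", single_test_rule("XBL")),
                        ("IPNOTINMX alone", single_test_rule("IPNOTINMX")),
                        ("weight >= 10", weight_rule(10)),
                        ("weight >= 20", weight_rule(20))]:
        catch, fp = rates(CORPUS, rule)
        print(f"{label:16s} catch {catch:.0%}  FP {fp:.0%}")
```

On this constructed corpus the legitimate messages fail one or two of the noisy tests but never accumulate enough weight to be flagged, while most spam does.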
