The following is a list of tests that we run against the E-mails arriving at the spamtrap, and what percentage of the spam they caught (it may be easier to read if you use a fixed-width font):
WEIGHT10         99.77%
WEIGHT20         97.83%
NOLEGITCONTENT   95.56%
SPAMCHK          94.94%
SPAMMANAGER      94.26%
SNIFFER          93.73%
IPNOTINMX        91.39%
XBL              78.75%
EASYNET-DNSBL    78.17%
SPAMCOP          73.79%
MAILDEFLECTOR    62.95%
DSBLALL          60.11%
DSBL             59.76%
EASYNET-PROXIES  55.43%
BADHEADERS       54.25%
EXPER            53.80%
REVDNS           40.35%
BLARSBL          40.02%
MONKEYPROXIES    38.72%
HELO             37.35%
FIVETENSRC       36.82%
FREEMAIL         32.66%
NOPOSTMASTER     32.49%
ROUTING          31.73%
BLITZEDALL       26.80%
NOABUSE          26.08%
OSPROXY          23.86%
SPAMHAUS         20.68%
COMPU            20.06%
SPAMHEADERS      17.10%
IPWHOIS          15.55%
OSSOFT           14.56%
OSSRC            13.73%
COMMENTS         12.00%
BASE64            9.39%
DSN               9.19%
FABELSOURCES      7.65%
DELINK            7.56%
EASYNET-DYNA      6.96%
INTERSIL          6.26%
VOX               5.24%
SPAMBAG           4.81%
NJABLDUL          3.98%
LNGSDUL           3.97%
FIVETENIGNORE     3.91%
NJABL             2.71%
BADWHOIS          2.60%
OSRELAY           2.18%
ORDB              2.08%
OSDUL             1.93%
FIVETENOPTIN      1.55%
MAILFROM          1.45%
LNGSBLOCK         1.31%
KUNDENSERVER      1.19%
PIGS              1.10%
DNSRBL-DUN        0.84%
NONENGLISH        0.58%
KITHRUP           0.43%
DSBLMULTI         0.40%
JIPPG-DUL         0.30%
FIVETENMULTI      0.08%
DEVNULL           0.07%
FIVETENOTHER      0.06%
RSL               0.02%
DNSMAILLIST       0.02%
FLOWGO            0.02%
JIPPG-DULJP       0.01%
FIVETENWEBFORM    0.01%
LNGSSRC           0.00%
FIVETENSINGLE     0.00%
The WEIGHT10 and WEIGHT20 tests are a weighting system that assigns a weight to each E-mail, based on the spam tests that fail, so they don't really count as spam tests by themselves (but they show that you can catch as much as 98-99+% of spam with extremely few false positives). It is also important to note that different tests are more likely to produce false positives (such as the IPNOTINMX, XBL, REVDNS, and SPAMHEADERS tests, that all catch a lot of spam, but catch a lot of legitimate mail as well); those tests are best used in a weighting system, so E-mail will only be marked as spam if it fails a combination of tests. The NOLEGITCONTENT and IPNOTINMX tests were designed to help identify legitimate E-mail (rather than spam), which accounts for their high percentages.
Another interesting point is that more than 50% of all spam can be caught with the BADHEADERS test, which will never catch any legitimate E-mail (unless it is sent from a non-RFC-compliant mail client). That's because so many spammers forge headers, and because spamware is typically written by people who do not know how to program well. Also worth noting is that about 55% of spam comes from "open proxies" (computers typically set up to cache web pages), and 40% of spam comes from IPs that are missing a reverse DNS entry.
There are 3 spam tests that catch over 90% of the spam in our spamtraps: SPAMMANAGER ( http://www.spammanager.com ) at 94.26%, SNIFFER ( http://www.sortmonster.com ) at 93.73%, and SPAMCHK ( http://www.riedmann.it/spamchk/ ) at 94.94% (at its strictest setting; normally, a less strict setting would be used, to minimize false positives).
More information on most of the spam tests shown above can be found at http://www.declude.com/junkmail/support/ip4r.htm . You can look up an IP address using the Spam Database Lookup tool at http://www.DNSstuff.com to see what spam databases it is listed in. The most recent 20 spams in our spamtraps, and the tests they failed, can be found at http://www.declude.com/spamtrap.htm .
-Scott
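The weighting approach described in the message, sketched as an added example (not part of the original message and not Declude's configuration or code). The weights and the labelled corpus are constructed for illustration, and it is an assumption that WEIGHT10 and WEIGHT20 mean "total weight of failed tests is at least 10 / at least 20".

```python
# Constructed weights: tests the message calls false-positive-prone get low
# weights, so none of them can mark a message as spam on its own.
WEIGHTS = {
    "BADHEADERS": 8,        # message: rarely hits legitimate mail
    "SPAMCOP": 7,
    "EASYNET-PROXIES": 6,
    "XBL": 4,               # message: also catches legitimate mail
    "IPNOTINMX": 3,
    "REVDNS": 3,
    "SPAMHEADERS": 3,
}

def weight(failed_tests):
    """Total weight of the tests a message failed; unknown tests count 0."""
    return sum(WEIGHTS.get(t, 0) for t in set(failed_tests))

def classify(failed_tests, thresholds=(10, 20)):
    """Map each assumed threshold test (WEIGHT10, WEIGHT20) to pass/fail."""
    w = weight(failed_tests)
    return {f"WEIGHT{t}": w >= t for t in thresholds}

def rates(corpus, threshold):
    """(catch rate, false-positive rate) when flagging at a weight threshold."""
    spam = [f for is_spam, f in corpus if is_spam]
    ham = [f for is_spam, f in corpus if not is_spam]
    caught = sum(weight(f) >= threshold for f in spam)
    fps = sum(weight(f) >= threshold for f in ham)
    return caught / len(spam), fps / len(ham)

def single_test_rates(corpus, test):
    """Same two rates when one test alone decides, for comparison."""
    spam = [f for is_spam, f in corpus if is_spam]
    ham = [f for is_spam, f in corpus if not is_spam]
    return (sum(test in f for f in spam) / len(spam),
            sum(test in f for f in ham) / len(ham))

# Constructed corpus of (is_spam, failed_tests) pairs.
CORPUS = [
    (True,  ["BADHEADERS", "SPAMCOP", "EASYNET-PROXIES", "REVDNS"]),
    (True,  ["XBL", "SPAMCOP", "IPNOTINMX"]),
    (True,  ["BADHEADERS", "REVDNS"]),
    (True,  ["SPAMHEADERS"]),
    (False, ["REVDNS"]),
    (False, ["IPNOTINMX", "XBL"]),
    (False, []),
    (False, ["REVDNS", "IPNOTINMX", "XBL"]),
]
```

On this corpus, REVDNS alone flags half of the legitimate mail, while the higher weight threshold flags none of it at the cost of a lower catch rate; tuning weights and thresholds is a trade-off between those two numbers.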
