[Declude.JunkMail] Where I'm At Now and Where Should I Be Going?
Hello, All,

I am pushing hard to learn as much about Declude.JunkMail as my time allows during the trial period. I think I installed on February 11th so I'm about 17 days into the trial. I was hoping to get some feedback from the list as far as things I might have looked over and might want to consider looking into next.

Just to bring things up to speed... I am currently testing Declude.JunkMail Beta v1.67. I have isolated 2 in-house hosts (out of the 90 we have on our IMail server) for testing purposes. For each host I did some pre-analysis to find out what an ideal hold weight would be for each. For the first host, with the domain name NEXUSTECHGROUP.COM, I came up with WEIGHT13 as my hold weight. For the second host, with the domain name PAGEROVER.COM, I came up with WEIGHT12 as my hold weight. NEXUSTECHGROUP.COM probably gets about 90% legitimate e-mail and PAGEROVER.COM probably gets about 95% (or higher) spam e-mail.

Once I set up the hold weight most spam immediately started being caught by Declude. Those who receive e-mail at those domains were very impressed. But there is still the occasional spam e-mail which makes it under the threshold of the hold weight. To further fine tune Declude.JunkMail I have done 2 things, one which was my idea (and I'm comfortable with) and another which was done to please my boss, which I don't necessarily agree with:

Fine Tuning #1: This is the one I am comfortable with... In addition to the hold weight I also hold e-mail for a test that I created called SENDERBLOCK. SENDERBLOCK is defined in GLOBAL.CFG as SENDERBLOCK fromfile D:\iMail\declude\senderblock.txt x 0 0. This is based upon the test described in the Your own sender blacklists section of the Declude.JunkMail. Whenever a spam e-mail slips under my hold weight I add the sender's domain (provided it's an obvious spamming domain) to this list. That test has helped to filter a few more spam e-mails out of my users' inboxes.

Fine Tuning #2: This one I'm less comfortable with... My boss noticed that a number of the spam e-mails that were still slipping in underneath the hold weight were failing the test SPAMCOP. He wanted to know how come I wasn't filtering out all e-mails that failed that test as, from his estimation, the SPAMCOP test was using a list of known spammers. I explained in detail the information I gleaned from the Declude.JunkMail web site and the SPAMCOP web site about the accuracy of the SPAMCOP test. I know that the SPAMCOP test finds mail servers which have a high incidence of spam to legitimate e-mail but that real e-mail can pass through those servers. I told him I'd rather continue to filter on spam domains (via SENDERBLOCK) and that I was trying to avoid catching any legitimate e-mail altogether. I'm trying to set the bar low enough so that a) most spam is caught, b) no legitimate e-mail is caught and then c) filtering further for actual identified spam e-mails. He thinks it's too much overhead to add each domain name whereas I think over time as I add more and more domains to the list the number of domains I have to add will go down considerably. Needless to say I gave in and just started holding for the SPAMCOP test because I really didn't feel like taking the time to turn him over to my spam blocking philosophy.

So that's basically where I'm at right now and from this I've come up with a number of questions and/or comments I am looking for feedback on. Mostly I'm looking for best practices sorts of answers from the community as a whole...

#1) Are there any other tests, which I am missing, like the SENDERBLOCK test which I might want to consider adding to my bag of tricks to continue to filter out spam e-mail which slide in under my hold weight and also fall in line with my philosophy, i.e. catching legit e-mail is a bad thing?

#2) Am I correct in my assumption that holding for SPAMCOP is a bad idea or is there so little legitimate e-mail passing through a server on the SPAMCOP list that if I am holding on that test the chance of actually catching legit e-mail is pretty low?

#3) In addition to what I've learned about Declude.JunkMail itself, I've also started using two of the 3rd-party freeware tools that have been released by Declude devotees, SpamReview and Delog. SpamReview is great and I use it every day to take a quick look at all of the e-mail that is being held by Declude.JunkMail. I haven't gotten to work with Delog as much but it seems pretty cool. Are there any other 3rd-party tools which I also might want to look closer at?

#4) Since I established my hold weights I think Declude has only held 2 pieces of legitimate e-mail. I looked at them briefly in SpamReview before requeuing but I couldn't figure a good way to make sure that those would have passed through. I hesitate to up my hold weight (for 2 pieces of e-mail) and I'd rather just have a test that I could use to make certain domains (or users) exempt from Declude.JunkMail.
RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?
In my experience SPAMCOP has been very good at weeding out SPAM and we hold/block using this test alone. We do occasionally get a false positive or two, but no more or less than any of RBL's that list known open relays.

Darrell

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Friday, February 28, 2003 11:36 AM
To: Declude JunkMail
Subject: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?
RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?
In our experience as an ISP, this was our INITIAL reaction (based on my personal mailbox), However SPAMCOP turned into about 50% accuracy system wide, and we had to move to at least 2 RBL tests failed to hold, or SNIFFER. It would be a good idea to run the sniffer (http://www.sortmonster.com/sniffer/) trial as well. What declude is currently passing through sniffer should catch most of.

-Tom

-----Original Message-----
From: Darrell L. [mailto:[EMAIL PROTECTED]
Sent: Friday, February 28, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?
RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?
Speaking of SPAMCOP, one option would be to increase the weight that that test applies. Then you will block mail that fails that test and another, but pass mail that fails only that test.

YMMV

__
David Fletcher
InfoTech International, LLC.
(904)338-9234
(904)721-1253 fax
http://www.ITI-InfoTech.com
__
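An added illustration, not part of the original thread or of Declude itself: the hold policies the replies describe (holding on SPAMCOP alone, holding on total weight with SPAMCOP weighted below the hold threshold, and holding only when two blocklist tests fail) compared over constructed sample mail. Every test name except SPAMCOP, all per-test weights, and the sample messages are assumptions; only the hold weight of 13 comes from the thread.

```python
from dataclasses import dataclass

HOLD_WEIGHT = 13  # the WEIGHT13 hold threshold quoted in the thread

# Assumed weights: SPAMCOP is the only test name taken from the thread.
# Here SPAMCOP is a "major" test that cannot reach HOLD_WEIGHT by itself.
MAJOR = {"SPAMCOP": 8, "RBL_A": 6, "RBL_B": 6, "HEURISTIC": 5}
# Same weights, except SPAMCOP alone now reaches the hold threshold.
HOLD_LEVEL = {**MAJOR, "SPAMCOP": HOLD_WEIGHT}
RBL_TESTS = frozenset({"SPAMCOP", "RBL_A", "RBL_B"})


@dataclass(frozen=True)
class Message:
    name: str
    failed: frozenset  # names of the tests this message failed
    is_spam: bool      # ground truth, known only because the sample is constructed


# Constructed sample mail, not taken from any real log.
SAMPLES = [
    Message("spam-1", frozenset({"SPAMCOP", "RBL_A"}), True),
    Message("spam-2", frozenset({"SPAMCOP", "HEURISTIC"}), True),
    Message("spam-3", frozenset({"RBL_A", "RBL_B"}), True),
    Message("spam-4", frozenset({"HEURISTIC"}), True),
    Message("legit-1", frozenset({"SPAMCOP"}), False),  # sent via a listed shared relay
    Message("legit-2", frozenset(), False),
]


def total_weight(msg, weights):
    """Sum the weights of every test the message failed."""
    return sum(weights.get(test, 0) for test in msg.failed)


def hold_on_spamcop(msg):
    """Hold on the SPAMCOP test alone."""
    return "SPAMCOP" in msg.failed


def hold_on_weight(msg, weights=MAJOR):
    """Hold when the summed weight reaches HOLD_WEIGHT (assumed: >= holds)."""
    return total_weight(msg, weights) >= HOLD_WEIGHT


def hold_on_two_rbls(msg):
    """Hold only when at least two blocklist tests fail."""
    return len(msg.failed & RBL_TESTS) >= 2


def evaluate(policy, samples=SAMPLES):
    """Return (spam held, legitimate mail held) for a hold policy."""
    held = [m for m in samples if policy(m)]
    return (sum(m.is_spam for m in held), sum(not m.is_spam for m in held))


def compare():
    """Evaluate each policy from the thread on the same samples."""
    return {
        "spamcop alone": evaluate(hold_on_spamcop),
        "weight, SPAMCOP major": evaluate(hold_on_weight),
        "weight, SPAMCOP at hold": evaluate(lambda m: hold_on_weight(m, HOLD_LEVEL)),
        "two RBLs": evaluate(hold_on_two_rbls),
    }


if __name__ == "__main__":
    for name, (spam, legit) in compare().items():
        print(f"{name:24} spam held={spam} legit held={legit}")
```

On these samples, giving SPAMCOP a weight equal to the hold weight behaves exactly like holding on SPAMCOP alone, while keeping it below the threshold holds the same amount of spam without holding the message that failed only SPAMCOP.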
RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?
It seems that SPAMCOP goes through cycles. Right now, I have not heard many complaints lately. But about 4 months ago, I had to lower its weight from hold to major test.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.