[Declude.JunkMail] Where I'm At Now and Where Should I Be Going?

2003-02-28 Thread Dan Geiser
Hello, All,

I am pushing hard to learn as much about Declude.JunkMail as my time allows
during the trial period.  I think I installed on February 11th so I'm about
17 days into the trial.

I was hoping to get some feedback from the list as far as things I might
have looked over and might want to consider looking into next.  Just to
bring things up to speed...

I am currently testing Declude.JunkMail Beta v1.67.  I have isolated 2
in-house hosts (out of the 90 we have on our IMail server) for testing
purposes.  For each host I did some pre-analysis to find out what an ideal
hold weight would be for each.  For the first host, with the domain name
NEXUSTECHGROUP.COM, I came up with WEIGHT13 as my hold weight.  For the
second host, with the domain name PAGEROVER.COM, I came up with WEIGHT12 as
my hold weight.  NEXUSTECHGROUP.COM probably gets about 90% legitimate
e-mail and PAGEROVER.COM probably gets about 95% (or higher) spam e-mail.

Once I set up the hold weight most spam immediately started being caught
by Declude.  Those who receive e-mail at those domains were very impressed.
But there is still the occasional spam e-mail which makes it under the
threshold of the hold weight.  To further fine tune Declude.JunkMail I
have done 2 things, one which was my idea (and I'm comfortable with) and
another which was done to please my boss, which I don't necessarily agree
with:

Fine Tuning #1:

This is the one I am comfortable with...

In addition to the hold weight I also hold e-mail for a test that I
created called SENDERBLOCK.  SENDERBLOCK is defined in GLOBAL.CFG as
SENDERBLOCK fromfile  D:\iMail\declude\senderblock.txt x 0 0.  This is
based upon the test described in the Your own sender blacklists section of
the Declude.JunkMail.  Whenever a spam e-mail slips under my hold weight I
add the sender's domain (provided it's an obvious spamming domain) to this
list.  That test has helped to filter a few more spam e-mails out of my
users' inboxes.

Fine Tuning #2:

This one I'm less comfortable with...

My boss noticed that a number of the spam e-mails that were still slipping
in underneath the hold weight were failing the test SPAMCOP.  He wanted to
know how come I wasn't filtering out all e-mails that failed that test as,
from his estimation, the SPAMCOP test was using a list of known spammers.  I
explained in detail the information I gleaned from the Declude.JunkMail web
site and the SPAMCOP web site about the accuracy of the SPAMCOP test.  I
know that the SPAMCOP test finds mail servers which have a high incidence of
spam to legitimate e-mail but that real e-mail can pass through those
servers.

I told him I'd rather continue to filter on spam domains (via SENDERBLOCK)
and that I was trying to avoid catching any legitimate e-mail altogether.
I'm trying to set the bar low enough so that a) most spam is caught, b) no
legitimate e-mail is caught and then c) filtering further for actual
identified spam e-mails.  He thinks it's too much overhead to add each
domain name whereas I think over time as I add more and more domains to the
list the number of domains I have to add will go down considerably.
Needless to say I gave in and just started holding for the SPAMCOP test
because I really didn't feel like taking the time to turn him over to my
spam blocking philosophy.

So that's basically where I'm at right now and from this I've come up with a
number of questions and/or comments I am looking for feedback on.  Mostly
I'm looking for best practices sorts of answers from the community as a
whole...

#1) Are there any other tests, which I am missing, like the SENDERBLOCK
test which I might want to consider adding to my bag of tricks to continue
to filter out spam e-mail which slide in under my hold weight and also
fall in line with my philosophy, i.e. catching legit e-mail is a bad thing?

#2) Am I correct in my assumption that holding for SPAMCOP is a bad idea or
is there so little legitimate e-mail passing through a server on the SPAMCOP
list that if I am holding on that test the chance of actually catching legit
e-mail is pretty low?

#3) In addition to what I've learned about Declude.JunkMail itself,
I've also started using two of the 3rd-party freeware tools that have been
released by Declude devotees, SpamReview and Delog.  SpamReview is great and
I use it every day to take a quick look at all of the e-mail that is being
held by Declude.JunkMail.  I haven't gotten to work with Delog as much but
it seems pretty cool.  Are there any other 3rd-party tools which I also
might want to look closer at?

#4) Since I established my hold weights I think Declude has only held 2
pieces of legitimate e-mail.  I looked at them briefly in SpamReview before
requeuing but I couldn't figure a good way to make sure that those would
have passed through.  I hesitate to up my hold weight (for 2 pieces of
e-mail) and I'd rather just have a test that I could use to make certain
domains (or users) exempt from Declude.JunkMail.  

RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?

2003-02-28 Thread Darrell L.
In my experience SPAMCOP has been very good at weeding out SPAM and we
hold/block using this test alone.  We do occasionally get a false
positive or two, but no more or less than any of the RBLs that list known
open relays.

Darrell

RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?

2003-02-28 Thread Tom Baker | Netsmith Inc
In our experience as an ISP, this was our INITIAL reaction (based on my
personal mailbox).
However, SPAMCOP turned into about 50% accuracy system wide, and we had to
move to at least 2 RBL tests failed to hold, or SNIFFER.

It would be a good idea to run the sniffer
(http://www.sortmonster.com/sniffer/) trial as well. What Declude is
currently passing through, sniffer should catch most of.

-Tom

RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?

2003-02-28 Thread David Fletcher
Speaking of SPAMCOP, one option would be to increase the weight that that test 
applies.  Then you will block mail that fails that test and another, but pass mail 
that fails only that test.

YMMV


__
David Fletcher
InfoTech International, LLC.
(904)338-9234
(904)721-1253 fax
http://www.ITI-InfoTech.com
__

RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?

2003-02-28 Thread John Tolmachoff
It seems that SPAMCOP goes through cycles. Right now, I have not heard many
complaints lately. But about 4 months ago, I had to lower its weight from
hold to major test.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com
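
The hold policies discussed in this thread (hold weight only, hold on SPAMCOP alone, David Fletcher's raised SPAMCOP weight, Tom Baker's "at least 2 RBL tests failed") can be compared side by side in a small model. This is an added example, not code from any poster and not Declude.JunkMail configuration syntax; the weights, the test names RBL_A, RBL_B and HEUR_X, and the sample messages are constructed for illustration.

```python
# Added illustration: a simplified model of weighted spam scoring.
# It is not Declude.JunkMail code or configuration syntax.

HOLD_WEIGHT = 13  # the thread's WEIGHT13; assumed here to mean "hold at total >= 13"

# Constructed weights. SPAMCOP and SENDERBLOCK are named in the thread;
# RBL_A, RBL_B and HEUR_X are hypothetical placeholder tests.
BASE_WEIGHTS = {"SPAMCOP": 5, "RBL_A": 5, "RBL_B": 4, "HEUR_X": 4, "SENDERBLOCK": 0}
RBL_TESTS = {"SPAMCOP", "RBL_A", "RBL_B"}

# Constructed sample: (true label, set of tests the message failed).
SAMPLE = [
    ("spam", {"SPAMCOP", "RBL_A", "HEUR_X"}),
    ("spam", {"SPAMCOP", "HEUR_X"}),
    ("spam", {"SPAMCOP", "RBL_B"}),
    ("spam", {"HEUR_X"}),
    ("legit", {"SPAMCOP"}),   # real mail relayed through a listed server
    ("legit", {"HEUR_X"}),
    ("legit", set()),
]


def total_weight(failed, weights):
    """Sum the weights of every failed test; unknown tests count as 0."""
    return sum(weights.get(test, 0) for test in failed)


def hold_by_weight(failed, weights, hold_weight=HOLD_WEIGHT):
    """Hold only when the combined weight reaches the hold weight."""
    return total_weight(failed, weights) >= hold_weight


def hold_on_spamcop_alone(failed):
    """Hold any message that fails SPAMCOP, whatever else it passed."""
    return "SPAMCOP" in failed


def hold_on_two_rbls(failed):
    """Hold when at least two RBL-type tests failed."""
    return len(failed & RBL_TESTS) >= 2


def evaluate(policy):
    """Count legitimate mail held and spam delivered under a policy."""
    held_legit = sum(1 for label, f in SAMPLE if label == "legit" and policy(f))
    missed_spam = sum(1 for label, f in SAMPLE if label == "spam" and not policy(f))
    return {"held_legit": held_legit, "missed_spam": missed_spam}


def compare_policies():
    # Raised SPAMCOP weight stays below the hold weight, so SPAMCOP alone
    # never holds, but SPAMCOP plus one more failed test does.
    raised = dict(BASE_WEIGHTS, SPAMCOP=9)
    return {
        "weight_only": evaluate(lambda f: hold_by_weight(f, BASE_WEIGHTS)),
        "spamcop_alone": evaluate(hold_on_spamcop_alone),
        "spamcop_raised": evaluate(lambda f: hold_by_weight(f, raised)),
        "two_rbls": evaluate(hold_on_two_rbls),
    }


if __name__ == "__main__":
    for name, result in compare_policies().items():
        print(f"{name:15} {result}")
```

On this constructed sample, raising the SPAMCOP weight catches the same spam as holding on SPAMCOP alone without holding the legitimate message that failed only that test; real results depend on each server's own mail mix.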
