[sniffer] Experimental Abstract

2006-10-09 Thread Alberto Santoni
Hello

I'm getting storms of spam and Sniffer sets them as (Experimental
Abstract)
Can someone explain how have I to treat them?

Many thanks in advance
Alberto



#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]



[sniffer] Re: Experimental Abstract

2006-10-09 Thread John T (Lists)
I concur Pete in that I have been thinking about upping the weight for the
EXP tests. I recently changed ABST from 20 to 25. I attach at 25, hold at 30
and delete at 35.

SNIFFER-TRAVEL  47  20
SNIFFER-INSURANCE   48  20
SNIFFER-AV-PUSH 49  20
SNIFFER-WAREZ   50  30
SNIFFER-SPAMWARE51  40
SNIFFER-SNAKEOIL52  40
SNIFFER-SCAMS   53  40
SNIFFER-PORN54  40
SNIFFER-MALWARE 55  25
SNIFFER-INKPRINTING 56  20
SNIFFER-SCHEMES 57  30
SNIFFER-CREDIT  58  30
SNIFFER-GAMBLING59  30
SNIFFER-GENERAL 60  25
SNIFFER-EXP-ABST61  25
SNIFFER-OBFUSCATION 62  25
SNIFFER-EXP-IP  63  20

John T
eServices For You

Seek, and ye shall find!

 -Original Message-
 From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of
 Pete McNeil
 Sent: Monday, October 09, 2006 3:15 PM
 To: Message Sniffer Community
 Subject: [sniffer] Re: Experimental Abstract
 
 Hello Alberto,
 
 In earlier times we had a philosophy that no single test should trap a
 message. The idea was that my combining tests the accuracy of the
 filter system would always (qualified) be improved.
 
 The blackhats have become extremely aggressive about burning IPs and
 generating image spam and/or other abstracted, short lived, and
 narrowly targeted campaigns.
 
 As a result of these changes, it is often the case that our abstract
 rules are the only thing that will fire on a message.
 
 The bad news is that holding on any single test will probably lead to
 more false positives.
 
 The good news is that SNF:Experimental/Abstract has a very low false
 positive rate.
 
 It may be time to alter our philosophy w/ regard to the
 experimental/abstract rules group and recommend that wherever
 practical, messages should probably be held (not deleted) based on a
 hit in this rule group.
 
 Hope this helps,
 
 _M
 
 Monday, October 9, 2006, 5:59:44 PM, you wrote:
 
  Hello
 
  I'm getting storms of spam and Sniffer sets them as (Experimental
  Abstract)
  Can someone explain how have I to treat them?
 
  Many thanks in advance
  Alberto
 
 
 
 
 #
 
  This message is sent to you because you are subscribed to
the mailing list sniffer@sortmonster.com.
  To unsubscribe, E-mail to: [EMAIL PROTECTED]
  To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
  To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
  Send administrative queries to  [EMAIL PROTECTED]
 
 
 
 --
 Pete McNeil
 Chief Scientist,
 Arm Research Labs, LLC.
 
 
 #
 
 This message is sent to you because you are subscribed to
   the mailing list sniffer@sortmonster.com.
 To unsubscribe, E-mail to: [EMAIL PROTECTED]
 To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
 To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
 Send administrative queries to  [EMAIL PROTECTED]




#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]



[sniffer] Re: Experimental Abstract

2006-10-09 Thread Jay Sudowski - Handy Networks LLC
I was setting a lower weight on the experimental/abstract result codes
due to inconsistent results in the past.  However, after a review of
customer spam that was still getting through, I increased the weighting
on those codes to equal our hold weight.  Customer is much happier now.

-Jay

-Original Message-
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On
Behalf Of Pete McNeil
Sent: Monday, October 09, 2006 6:15 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Experimental Abstract

Hello Alberto,

In earlier times we had a philosophy that no single test should trap a
message. The idea was that my combining tests the accuracy of the
filter system would always (qualified) be improved.

The blackhats have become extremely aggressive about burning IPs and
generating image spam and/or other abstracted, short lived, and
narrowly targeted campaigns.

As a result of these changes, it is often the case that our abstract
rules are the only thing that will fire on a message.

The bad news is that holding on any single test will probably lead to
more false positives.

The good news is that SNF:Experimental/Abstract has a very low false
positive rate.

It may be time to alter our philosophy w/ regard to the
experimental/abstract rules group and recommend that wherever
practical, messages should probably be held (not deleted) based on a
hit in this rule group.

Hope this helps,

_M

Monday, October 9, 2006, 5:59:44 PM, you wrote:

 Hello

 I'm getting storms of spam and Sniffer sets them as (Experimental
 Abstract)
 Can someone explain how have I to treat them?

 Many thanks in advance
 Alberto



 #
 This message is sent to you because you are subscribed to
   the mailing list sniffer@sortmonster.com.
 To unsubscribe, E-mail to: [EMAIL PROTECTED]
 To switch to the DIGEST mode, E-mail to
[EMAIL PROTECTED]
 To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
 Send administrative queries to  [EMAIL PROTECTED]



-- 
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.


#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]




#
This message is sent to you because you are subscribed to
  the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to  [EMAIL PROTECTED]