RE: [sniffer] New Rulebot F001

2006-03-06 Thread Jay Sudowski - Handy Networks LLC
There's been at least one FP ;)

--
Rule - 861038
NameF001 for Message 2888327: [216.239.56.131]
Created 2006-03-02
Source  216.239.56.131
Hidden  false
Blocked false
Origin  Automated-SpamTrap
TypeReceivedIP
Created By  [EMAIL PROTECTED]
Owner   [EMAIL PROTECTED]
Strength2.08287379496965
False Reports   0
From Users  0
[FPR:B]

The rule is below threshold, and/or badly or broadly coded so it will be
removed from the core rulebase.


My concern with automated IP rule coding is that we use Sniffer because
it's extremely accurate.  Coding rules linked to IPs, particularly IPs
that are used by google or any large ISP to send large amounts of
(mostly legitimate) email is contrary to what Sniffer is great at, which
is tagging spam that no one else is.

Is response code 63 going to be utilized for any other purposes?  If
not, I will let Declude know to weight these responses lower than normal
Sniffer.

- Jay 
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, March 06, 2006 3:00 PM
To: sniffer@sortmonster.com
Subject: [sniffer] New Rulebot F001

Hello Sniffer folks,

  The first of the new rulebots is coming online.

  Rulebot F001 creates IP rules for sources that consistently fail
  many tests while also reaching the cleanest of our spamtraps.

  The rules will appear in group 63.

  The bot is playing catchup a bit (since there have been few IP rules
  at all since we disabled the old bots).

  The algorithms used in this bot have been tested manually for 2
  weeks with no false positives.

  Expect an increase in your rulebase size while F001 catches up with
  current spamtrap data.

Thanks,

_M

Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)


This E-Mail came from the Message Sniffer mailing list. For information
and (un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html



This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html


Re: [sniffer] New Rulebot F001

2006-03-06 Thread Darin Cox
We just reviewed this morning's logs and had a few false positives.  Not
sure if these are due to the new rulebot, but it's more than we've had for
the entire day for the past month.

Rules
--
873261
866398
856734
284831
865663

Darin.


- Original Message - 
From: Jay Sudowski - Handy Networks LLC [EMAIL PROTECTED]
To: sniffer@SortMonster.com
Sent: Monday, March 06, 2006 3:13 PM
Subject: RE: [sniffer] New Rulebot F001


There's been at least one FP ;)

--
Rule - 861038
NameF001 for Message 2888327: [216.239.56.131]
Created 2006-03-02
Source  216.239.56.131
Hidden  false
Blocked false
Origin  Automated-SpamTrap
TypeReceivedIP
Created By  [EMAIL PROTECTED]
Owner   [EMAIL PROTECTED]
Strength2.08287379496965
False Reports   0
From Users  0
[FPR:B]

The rule is below threshold, and/or badly or broadly coded so it will be
removed from the core rulebase.


My concern with automated IP rule coding is that we use Sniffer because
it's extremely accurate.  Coding rules linked to IPs, particularly IPs
that are used by google or any large ISP to send large amounts of
(mostly legitimate) email is contrary to what Sniffer is great at, which
is tagging spam that no one else is.

Is response code 63 going to be utilized for any other purposes?  If
not, I will let Declude know to weight these responses lower than normal
Sniffer.

- Jay
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Monday, March 06, 2006 3:00 PM
To: sniffer@sortmonster.com
Subject: [sniffer] New Rulebot F001

Hello Sniffer folks,

  The first of the new rulebots is coming online.

  Rulebot F001 creates IP rules for sources that consistently fail
  many tests while also reaching the cleanest of our spamtraps.

  The rules will appear in group 63.

  The bot is playing catchup a bit (since there have been few IP rules
  at all since we disabled the old bots).

  The algorithms used in this bot have been tested manually for 2
  weeks with no false positives.

  Expect an increase in your rulebase size while F001 catches up with
  current spamtrap data.

Thanks,

_M

Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)


This E-Mail came from the Message Sniffer mailing list. For information
and (un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html



This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html



This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html