On Wednesday, June 16, 2004, 7:51:56 PM, Kirk wrote: KM> At 01:36 PM 6/16/04 -0400, Pete McNeil wrote: >> >>IPs that are coded into the experimental rule group have at least hit >>our spamtraps in a verifiable spam message and frequently have also >>been verified by an alternate source such as SBL, spamcop, etc... I would >>guess that more than 70% of the IP rules that are coded in the >>experimental group have at least two reasons to be there at this point. >> >>I recommend that you increase the weighting on the experimental group >>and be aggressive about reporting any false positives that might >>arise. False positives in the experimental rule groups have been >>dropping for some time and will continue to do so. If your weighting >>is based on earlier experiences it is definitely time to revisit those >>calculations.
KM> I have bumped up ther experimental scoring somewhat, and my false KM> positive rate has been extremely low. I'm using Sniffer in conjunction with KM> mxGuard, which also adds scores for RBL hits so, if Sniffer marks it as KM> experimental, 3 RBL hits will add enough to get a message dumped. Lately KM> though, I've been receiving a ton of mortgage spam from 64.136.98.55 that KM> only gets 1 RBL hit and Sniffer tags as experimental, thus they are still KM> passing through. I know of a number of systems that hold on Sniffer alone, and then drop a message on sniffer and one or two RBLs... Of course, every system is different. What you might try is bumping experimental high enough so that you hold on the experimental group and one RBL. If your FP rate is extremely low this should be safe. Best, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
