Funny, I sent a message about this last night, and since I didn't yet
reply to Pete, I'll do it here.
IMO, false positives are way under reported, and reporting spam has a
negligible effect on capture performance. It seems to me that people
should be more focused on reporting false positives, and that Sniffer
should be more focused in correcting them, and allowing for POP
retrieval would be a step in that direction. I disagree that POP
retrieval would impede the interactivity of the process, it would just
aid the first step in reporting it. It is much easier for me to copy
false positives that hit Sniffer to a mail box instead of manually
reporting them. This however is something that many won't bother doing
and that might be a good enough reason to not bother with it. I am
still going to automate my own reports. I have reprocess links in our
spam review accounts, and I will just need to end up writing something
complicated that takes the old message and creates a new one with it
attached. This is a must for me because of the time involved.
And just to clarify the issue with spam submissions being mostly
ineffective. I have found from maintaining my own blacklists that
reactive methods of blocking provide only a short-term gain when
combined with the other components in the system. I could literally sit
here blacklisting things 24 hours a day and get less than a 0.1% gain in
spam blocking, and it's better that I focus on other things with more
reward. Sniffer will pick up almost everything that we see without
effort, especially the big zombie spam campaigns and new static spam
blocks. The only things that Sniffer won't generally see without our
help is the niche spam, low volume spam campaigns, and some foreign
spam. I'm sure that Pete likes to have the feedback of what is getting
through, but I don't know that it does very much for capturing a
measurably larger amount of spam.
Matt
Pete McNeil wrote:
On Friday, October 14, 2005, 11:18:18 AM, Daniel wrote:
DB> Hello Pete,
DB> Are you going to implement something similar for false positives?
No.
The false positive process is very interactive, so each case is
handled individually until it is resolved. This works best as it is
currently described because a new email thread is created for each new
case and that thread can be followed to ground.
In contrast, spam submissions are treated anonymously without any
further interaction so it is appropriate for us to pick up the
messages and move on with our processing.
Hope this helps,
_M
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
