On Tuesday, February 7, 2006, 7:48:46 PM, David wrote: DS> Hello Pete,
DS> Tuesday, February 7, 2006, 7:43:52 PM, you wrote: PM>> The rule would match the intended spam (and there was a lot of it, so PM>> 22,055 most likely includes mostly spam. DS> On spot check I'm seeing about 30-40% of the messages are valid. That seems like a good statistic. (feels right) PM>> Unfortunately it would also match messages containing the listed PM>> capital letters in that order throughout the message. Essentially, if PM>> the text is long enough then it will probably match. A greater chance PM>> of FP match if the text of the message is in all caps. Also if there PM>> is a badly coded base64 segment and file attachment (badly coded PM>> base64 might not be decoded... raw base64 will contain many of these PM>> letters in mixed case and therefore increase the probability of PM>> matching them all). DS> Not sure, can anyone think of a way to cross check this? What if I put DS> all the released messages back through sniffer? That would be good -- new rules were added to correctly capture the bad stuff. I almost suggested something more complex. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
