I have 46 RBLs configured, though 16 are configured to score differently on last hop and prior hops. I would say that more than 35 of these are things that I would not like to lose.

I weight most RBLs at around half of my Hold weight in Declude. False positives on my system typically hit about 5 different tests of various types before they get enough weight to be blocked. Sniffer is the test most often a part of false positives, being a contributing factor in about half of them. About 3/4 of all FPs (things that are blocked by my system) are some form of automated or bulk E-mail. That's not to say that other tests are more accurate; they are just scored more appropriately and tend to hit less often, but the FP issues with Sniffer have grown due to cross checking automated rules with other lists that I use, causing two hits on a single piece of data. For instance, if SURBL has an FP on a domain, it is possible that Sniffer will pick that up too based on an automated cross reference, and it doesn't take but one additional minor test to push something into Hold on my system.

IMO, the more tests, the better. It's the best way to mitigate FPs. I don't look to Sniffer as anything more than a contributor to the overall score. Sniffer can't block a message going to my system on its own due to its weighting. I think it's more important to be accurate than to hit more volume, and handling false positive reports with Sniffer is cumbersome for both me and Sniffer. I would hope that any changes seek to increase accuracy above all else. Sniffer does a very good job of keeping up with spam, and its main issues with leakage are caused by not being real-time, but that's OK with me. At the same time, Sniffer is the test most often a part of false positives, being a contributing factor in about half of them. About 3/4 of all FPs (things that are blocked by my system) are some form of automated or bulk E-mail. That's not to say that other tests are more accurate; they are just scored more appropriately and tend to hit less often, but the FP issues with Sniffer have grown due to cross checking automated rules with other lists that I use, causing two hits on a single piece of data, and the growth of the Sniffer userbase, which has become more likely to report first-party advertising as spam, either manually or through an automated submission mechanism.

Matt
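
The double-counting effect described in the message above, as an added example that is not part of the original post and is not Declude or Sniffer configuration. All weights, test names other than SURBL and Sniffer, and sample hits are constructed; counting each triggering datum only once is one possible way to see the effect, not something the message describes.

```python
# Constructed weights: HOLD is the hold threshold, RBLs sit at about half of
# it, and Sniffer alone stays below it, matching the setup in the message.
HOLD = 10
WEIGHTS = {"SURBL": 5, "SNIFFER": 4, "RBL-A": 5, "MINOR": 2}

def naive_score(hits):
    """Sum the weight of every test that hit, as a plain weighted filter does."""
    return sum(WEIGHTS[test] for test, _datum in hits)

def deduplicated_score(hits):
    """Count each triggering datum once, at the weight of its heaviest test.

    Two tests that fired on the same domain or IP are treated as one piece
    of evidence instead of two independent ones.
    """
    best = {}
    for test, datum in hits:
        best[datum] = max(best.get(datum, 0), WEIGHTS[test])
    return sum(best.values())

def verdict(score):
    return "HOLD" if score >= HOLD else "DELIVER"

def compare(hits):
    naive, dedup = naive_score(hits), deduplicated_score(hits)
    return {"naive": naive, "naive_verdict": verdict(naive),
            "dedup": dedup, "dedup_verdict": verdict(dedup)}

# Constructed sample: a bulk mailer whose domain is wrongly listed in SURBL,
# picked up again by a cross-referenced Sniffer rule, plus one minor test.
FP_HITS = [("SURBL", "domain:newsletter.example"),
           ("SNIFFER", "domain:newsletter.example"),
           ("MINOR", "header:bulk-precedence")]

# Constructed sample: spam that trips tests on three unrelated data points.
SPAM_HITS = [("SURBL", "domain:spam.example"),
             ("RBL-A", "ip:192.0.2.10"),
             ("MINOR", "header:forged-received")]

if __name__ == "__main__":
    for name, hits in (("false positive", FP_HITS), ("spam", SPAM_HITS)):
        print(name, compare(hits))
```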




Pete McNeil wrote:

Hello Sniffer Folks,

I have a design question for you...

How many DNS based tests do you use in your filter system?

How many of them really matter?

Thanks!

_M


