Hello Fox, Thomas,

I might add that for a long while it has been a common recommendation for SNF to be weighted at 70-80% of your "hold" weight. Quite often, some result categories are weighted to hold on their own.

These days blackhats are using a burst-mode delivery tactic that makes it virtually certain the IPs they are using are previously unknown and unlisted. As a result, if several IP blacklist hits are required in addition to SNF then you are much more likely to see leakage than in previous months.

In testing our new GBUdb engine on our spamtrap servers I can see a constant stream of new IPs sourcing spam and I also see the rate of new IPs spike significantly when new variants of messages arrive. These spikes are much higher than previously measured and continue to grow.

Hope this helps,

_M

PS: GBUdb is a real-time collaborative behavior analysis engine that tracks statistics on good, bad, unknown (ugly), and ignored IPs. The engine will be part of the next release of SNF due shortly.

Wednesday, September 20, 2006, 10:02:36 AM, you wrote:

> Hi Rick,
>
> I've found that tuning for spam is a constant process. I am always
> tweaking settings, changing weights, etc., in response to spam
> leakage.
>
> Just yesterday I spent about 2 hours on it.
>
> I (very reluctantly) implemented some phrase filtering, using the
> filter function in Declude. I've been reluctant to do phrase filtering
> in the past, just because I'm so scared of false positives, but I
> was able to work with a phrase list I was pretty sure would be safe.
>
> I also increased the weighting of some of the other Sniffer tests we
> use, specifically the tests that scan for porn, get rich quick and
> stuff like that. The weighting isn't so high that any one test will cause
> the message to fail, but I did set it high enough on a few of the
> Sniffer result codes so that if it fails that specific Sniffer test and just
> one other test, it will fail as spam.
>
> It comes down to, IMHO, how much time you want to spend on it,
> and how vigilant you want to be. I'd much rather spend a few hours
> a month tweaking settings, than dealing with lusers calling daily
> because they got an ad for Viagra. :-)
>
> I'd be happy to share my config files privately if you think it would
> help.
>
> Good luck!
>
> Tom
>
>> I just signed my annual renewal for Sniffer but it seems that it used to
>> catch lots of the email and now is only catching about 50% of the email.
>> Why when we are sending in our information does this continue to happen?
>> We are getting lots of you won, Pharmacy spelled wrong and nonsense emails
>> that sail through both Declude and Sniffer. Between the 2 of them that is
>> over $1000 per year for spam/virus/hijack protection that seems not to be
>> happening like it used to. Any answers as to when we will get relief on these?
>>
>> Rick Hogue
>
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <[email protected]>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to <[EMAIL PROTECTED]>

--
Pete McNeil
Chief Scientist, Arm Research Labs, LLC.
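A constructed model of the weighting trade-off discussed in this thread, added here as an example and not taken from any poster's configuration or from Declude or SNF. The test names, weights, hold threshold, category labels and sample messages are all assumptions chosen to show why spam from unlisted IPs leaks when SNF needs a second hit to reach the hold weight.

```python
"""Constructed model of weighted spam scoring (not Declude's or SNF's code)."""

HOLD = 10  # assumed "hold" weight: total score at which a message is held

# Assumed weights. SNF at 7 is 70% of HOLD; two hypothetical IP blacklists.
BASE = {"SNF": 7, "IPBL_A": 4, "IPBL_B": 4}
# Same weights, but two SNF result categories are set to hold on their own.
TUNED = {**BASE, "SNF:porn": 10, "SNF:getrich": 10}

# Constructed sample traffic. "snf" is the (hypothetical) result category SNF
# matched, or None; "blacklists" lists the IP blacklists that hit the source.
MSGS = [
    {"id": 1, "spam": True,  "snf": "porn",    "blacklists": ["IPBL_A"]},
    {"id": 2, "spam": True,  "snf": "porn",    "blacklists": []},  # new IP
    {"id": 3, "spam": True,  "snf": "getrich", "blacklists": []},  # new IP
    {"id": 4, "spam": True,  "snf": "general", "blacklists": []},  # new IP
    {"id": 5, "spam": False, "snf": None,      "blacklists": ["IPBL_A"]},
]

def score(msg, weights):
    """Sum the weights of every test the message failed.

    An SNF hit uses its per-category weight when one is configured,
    otherwise the general SNF weight.
    """
    total = 0
    if msg["snf"]:
        total += weights.get("SNF:" + msg["snf"], weights["SNF"])
    total += sum(weights[bl] for bl in msg["blacklists"])
    return total

def leaked(msgs, weights, hold=HOLD):
    """IDs of spam messages that score below the hold weight."""
    return [m["id"] for m in msgs if m["spam"] and score(m, weights) < hold]

def false_holds(msgs, weights, hold=HOLD):
    """IDs of legitimate messages that reach the hold weight."""
    return [m["id"] for m in msgs if not m["spam"] and score(m, weights) >= hold]

if __name__ == "__main__":
    for name, cfg in (("base", BASE), ("tuned", TUNED)):
        print(name, "leaked:", leaked(MSGS, cfg),
              "false holds:", false_holds(MSGS, cfg))
```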
