Where can I find a list of the latest result codes.
----- Original Message -----
From: "John T (Lists)" <[EMAIL PROTECTED]>
To: "Message Sniffer Community" <sniffer@sortmonster.com>
Sent: Monday, October 09, 2006 7:56 PM
Subject: [sniffer] Re: Experimental Abstract
I concur Pete in that I have been thinking about upping the weight for the
EXP tests. I recently changed ABST from 20 to 25. I attach at 25, hold at 30
and delete at 35.
SNIFFER-TRAVEL 47 20
SNIFFER-INSURANCE 48 20
SNIFFER-AV-PUSH 49 20
SNIFFER-WAREZ 50 30
SNIFFER-SPAMWARE 51 40
SNIFFER-SNAKEOIL 52 40
SNIFFER-SCAMS 53 40
SNIFFER-PORN 54 40
SNIFFER-MALWARE 55 25
SNIFFER-INKPRINTING 56 20
SNIFFER-SCHEMES 57 30
SNIFFER-CREDIT 58 30
SNIFFER-GAMBLING 59 30
SNIFFER-GENERAL 60 25
SNIFFER-EXP-ABST 61 25
SNIFFER-OBFUSCATION 62 25
SNIFFER-EXP-IP 63 20
John T
eServices For You
"Seek, and ye shall find!"
-----Original Message-----
From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
Of
Pete McNeil
Sent: Monday, October 09, 2006 3:15 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Experimental Abstract
Hello Alberto,
In earlier times we had a philosophy that no single test should trap a
message. The idea was that my combining tests the accuracy of the
filter system would always (qualified) be improved.
The blackhats have become extremely aggressive about burning IPs and
generating image spam and/or other abstracted, short lived, and
narrowly targeted campaigns.
As a result of these changes, it is often the case that our abstract
rules are the only thing that will fire on a message.
The bad news is that holding on any single test will probably lead to
more false positives.
The good news is that SNF:Experimental/Abstract has a very low false
positive rate.
It may be time to alter our philosophy w/ regard to the
experimental/abstract rules group and recommend that wherever
practical, messages should probably be held (not deleted) based on a
hit in this rule group.
Hope this helps,
_M
Monday, October 9, 2006, 5:59:44 PM, you wrote:
> Hello
> I'm getting storms of spam and Sniffer sets them as (Experimental
> Abstract)
> Can someone explain how have I to treat them?
> Many thanks in advance
> Alberto
>
#####################################################
########
> This message is sent to you because you are subscribed to
> the mailing list <sniffer@sortmonster.com>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to <[EMAIL PROTECTED]>
--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
#####################################################
########
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <sniffer@sortmonster.com>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
