Hi, >> The few that I sent to their FALSE address have always been challenged as legitimate. <<
Well, I can say that so far I have no complaints with their handling of any of my false-positive reports. >> I completely disabled SNF lookups to avoid complaints from our users << I always used Sniffer as part of a weighting scheme to compensate for false positives. Or, you could decide not to act on the Sniffer "IP" return code. >> need to ensure SNF causes no False Positives << I agree here. While I can excuse the occasional "accidental" FP - there should NOT be the mindset that customers just have to live with the fact that the IP rules WILL always catch a certain amount of good emails, because no effort has been made to exempt "known good" IP/RevDNS ranges. I also think that the "low false positive" argument is built on unproven assumptions. To me, researching and reporting a single false positives takes a very significant amount of time. Bigger users may simply have no practical way to reporting their false positives and instead just "cope" with it by using weight-based systems to compensate. The process of finding "clues" in the header, then finding the correct log file and then matching log file lines in Sniffer, then creating an evidence email, is just far too cumbersome. I should be able to forward any falsely identified emails (with SMTP headers) as easily as I can submit "real spam" for analysis. If that requires that Sniffer has to insert header information with the "rule number" - so be it. My inclination is, if it's currently 10 times harder to report false positives than it is to report missed spam, then I suspect that the false positive rates could be 10 times higher than what's actually being reported. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 -----Original Message----- From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Dave Koontz Sent: Thursday, December 28, 2006 02:46 PM To: Message Sniffer Community Subject: [sniffer] Re: Rules for Large International ISPs Well, I guess I will ruffle "someones" feathers again with my response here, but like your oringial message, I think we need to be honest here. This is not a message sniffer 'popularity' contest after all, we are paying customers and need to ensure SNF causes no False Postives. Over the last few months, I've seen more an more false postives from Message Sniffer. The few that I sent to their FALSE address have always been challenged as legitimate. It's difficult at best for me to believe that our Local Newspaper and other legitimate sites that are classified by the SNF "EXPERIMENTAL-IP" rule are solid. As a result, I've constructed SA rules to counteract SNF False Postives. It got so bad within the last two weeks or so that I completely disabled SNF lookups to avoid complaints from our users. To add insult to injury, last year they drastically up the service price. Now my subscritpion is up for renewal. I am honestly thinking of NOT renewing it. IMO, seems that things have gone down hill since ARM bought the little company that could.... Couple that with two years worth of promises to update the MDaemon Plugin code, and all the various improvement that Spam Assassin and SARE rulesets have made... well I question if it's worth the inflated cost anymore. Shoot away Sniffer "Cheer-leaders"... at least I am being honest. ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
