Yeah, and here's the kicker. He personally has two separate email
accounts. One is published in every Thomas Register, trade journal,
phone book, etc... No brainer for spam there. It's also the one he
uses as his primary account. The other address is unpublished and
"rarely used", according to him, so it should receive very little or no
spam at all in his opinion. Howver (anyone surprised?), both are
getting the identical same spam at the same time, so he has concluded in
his mind that someone has either broken in to our network and
"harvested" the addresses, or someone internally (should I feel pressure
here?) is doing something fishy on purpose.
Some people just shouldn't be allowed to use computers...
Paul Boven wrote:
Hi Jason,
Jason Granat wrote:
I am under the gun to prove a point. We have a spambox account that
catches roughly 500-700 spams per day, company wide. We have about
10 highly active email users. My boss thinks it's rediculous that so
much spam is being sent to us. Very little spam actually gets to the
users. He's upset that spam comes in at all. He thinks it's just
our organization that receives all this spam. What I would like to
have is some typical statistics to show him that it's not just our
orginization that receives spam. Are there any resources out there
to look this up? Would any of you be willing to divulge your spam
statistics?
I pity you for having to work under that kind of management. ;-)
Here are some stats from our mailserver, for the last week:
inbound ham spam rej
Per day 4699 2035 1178 1486
% 100 43 25 31
Spam-filter performance:
seen ham spam FN FP
Per day 3123 2035 1178 30 0
The spam-filter only gets to see the messages that have not been
rejected. FN and FP are false negatives (undetected spam) and false
positives (incorrectly marked as spam). So how well is SpamAssassin +
Bayes doing in this case? There are several ways to calculate.
% of mail that was misqualified:
100% * (FN + FP) / seen = 0.63%
% of 'bad' mail that still makes it to the user:
100% * FN / (spam + rej + FN) = 1.11 %
% of mail that was misqualified by SpamAssassin:
100% * FN / (ham + spam) = 0.96%
% of received spam that didn't get tagged:
100% * FN / (spam + FN) = 2.48%
Take your pick of any of those four numbers, they all mean the same
thing. The actual performance of the filter in my opinion is 0.63%,
but just looking at their spam-folder and inbox, a user might claim
that the filter is only 2.48% effective.
Regards, Paul Boven.
