I should note here, that they aren't actually making it to his inbox,
for the most part. We just see them in the spambox after they've been
flagged. That's how we know what address they were originally being
sent to.
Jason Granat wrote:
Yeah, and here's the kicker. He personally has two separate email
accounts. One is published in every Thomas Register, trade journal,
phone book, etc... No brainer for spam there. It's also the one he
uses as his primary account. The other address is unpublished and
"rarely used", according to him, so it should receive very little or
no spam at all in his opinion. Howver (anyone surprised?), both are
getting the identical same spam at the same time, so he has concluded
in his mind that someone has either broken in to our network and
"harvested" the addresses, or someone internally (should I feel
pressure here?) is doing something fishy on purpose.
Some people just shouldn't be allowed to use computers...
Paul Boven wrote:
Hi Jason,
Jason Granat wrote:
I am under the gun to prove a point. We have a spambox account that
catches roughly 500-700 spams per day, company wide. We have about
10 highly active email users. My boss thinks it's rediculous that
so much spam is being sent to us. Very little spam actually gets to
the users. He's upset that spam comes in at all. He thinks it's
just our organization that receives all this spam. What I would
like to have is some typical statistics to show him that it's not
just our orginization that receives spam. Are there any resources
out there to look this up? Would any of you be willing to divulge
your spam statistics?
I pity you for having to work under that kind of management. ;-)
Here are some stats from our mailserver, for the last week:
inbound ham spam rej Per day 4699
2035 1178 1486 % 100 43 25 31
Spam-filter performance:
seen ham spam FN FP
Per day 3123 2035 1178 30 0
The spam-filter only gets to see the messages that have not been
rejected. FN and FP are false negatives (undetected spam) and false
positives (incorrectly marked as spam). So how well is SpamAssassin +
Bayes doing in this case? There are several ways to calculate.
% of mail that was misqualified:
100% * (FN + FP) / seen = 0.63%
% of 'bad' mail that still makes it to the user:
100% * FN / (spam + rej + FN) = 1.11 %
% of mail that was misqualified by SpamAssassin:
100% * FN / (ham + spam) = 0.96%
% of received spam that didn't get tagged:
100% * FN / (spam + FN) = 2.48%
Take your pick of any of those four numbers, they all mean the same
thing. The actual performance of the filter in my opinion is 0.63%,
but just looking at their spam-folder and inbox, a user might claim
that the filter is only 2.48% effective.
Regards, Paul Boven.
