On Monday 22 September 2003 06:04 pm, Karsten M. Self wrote: > on Mon, Sep 22, 2003 at 05:04:47PM -0700, Robin Lynn Frank ([EMAIL PROTECTED]) wrote: > > On Monday 22 September 2003 04:35 pm, Karsten M. Self wrote: > > > As I have: > > > > > > http://kmself.home.netcom.com/Rants/challenge-response.html > > > > Remember that quote about, "lies, danm lies and statistics'? > > > > I checked that URL. You throw in a smattering of statistics and > > pseudo-statistics and then make a whole boatload of assumptions. > > I quantify my results with spamassassin. Messages received, spam > identified, ham identified as spam, ham identified as ham, spam > identified as ham. > > While I don't have the data behind those particular statistics, I have a > current corpus of mail and spam, and can derive values which will be > markedly similar. I can also point to independently derived statistics > pointing to grossly similar results. > > > You want quantified data? Try this: > > > > We have been using TMDA since version 0.33. > > In a stock configuration? Or with additional spam and virus filtering > prepending TMDA C-R challenge issuing? The latter case mitigates most > of my complaints against TMDA specifically, but not C-R as a whole.
You didn't pay attention to my sig: Email acceptance policy: http://paradigm-omega.com/email_policy.html > > > Percent of challenges to forged email addresses: 0.00 > > What's your basis for this statement? Mail logs. > > > Percent of challenges to joe-job victims: 0.00 > > Again, how do you assess this? Ditto. > > > Percent of challenges to someone other than the initial sender: 0.00 > > Again, how do you assess this? Ditto > > You're missing a statistic: challenges not responded to. Since you've > already established that each of your challenges was issued to a > legitimate, non-spoofed address, It would seem that unanswered > challenges would tend to be legitimate mail for which the challenge > recipient elected not to comply with your system. Irrelavent. It is my right to determine what mail we accept. It is the sender's decision whether to accept our rules for accepting mail. > > > Now there is one thing you should ad to your web page. You should > > include information that you have no skills as a sysadmin. You might > > also want to add the assumption that you never will have. > > Do you really wish to libel me in public? > No sysadmin would put all their eggs in one basket. Sysadmins know that the most efficient way to control incoming mail is at the MTA level. They also know that ancillary tools have a cost in system resources and must balance the cost in system resources with the results they provide. That said, you asked if we used TMDA in stock configuration. The answer is no. Do you uses spamassassin in its stock configuration? If so yo must be getting spam sneaking throught at the 4.6 to 4.8 level. Also, depending on which version of spamassassin you are using, you may be doing lookups against RBLs that no longer work or are under DDoS attacks and are therefor, unreliable. You asked if we use any measures in addition to TMDA. Here is the list. Local access maps containing 39,000+ entries which include email addresses, domains, IP addresses, IP blocks, country TLDs and including 4700+ free email sources. Regexp and PCRE filtering of message headers, bodies and mime structures. Six RHSBLs and Six DNSBLs TMDA 0.84 SpamAssassin 2.60rc6 ClamAV Any further questions? -- Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC Email acceptance policy: http://paradigm-omega.com/email_policy.html Our current s$p%a&m-t*r#a^p: [EMAIL PROTECTED] _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
