Re: DCC hits of nonspam (message with drug ad image only )

Thu, 15 Dec 2005 17:43:00 -0800 

Graham Murray wrote:
> Matt Kettler <[EMAIL PROTECTED]> writes:
> 
> 
>>The last mass-checks for 3.1.0 gave it a S/O of about 0.980, but I'm
>>seeing more like 0.900 out of DCC at my site. Could just be the nature
>>of my site, but about a dozen common subscriber newsletters at my site
>>consistently hit it.
> 
> 
> Which is why it is a good idea to add such solicited bulk senders to
> the DCC whiteclnt which will make (your local) DCC not consider these
> to be bulk and hence spamassassin not to add the DCC score to them.
> 

To follow up, I looked into it, and there's WAY too many of these to whitelist
them all at my site.

I took a quick grep to look for messages unlikely to be spam. I did a quick grep
for messages that matched DCC_CHECK that:
        1) were not marked as spam by SA at threshold 5
        2) did not have a total score of 4.*
        3) did match BAYES_00 or BAYES_05.
        4) did not match any RAZOR2 rules
        5) were not listed in SpamCop, DSBL, SBL or XBL
        6) did not hit SPF_FAIL or SPF_SOFTFAIL
        7) did not match any rule with DRUGS, OBFU or FUZZY, in its name
        8) did not contain any geocities URL

I got 855 hits that fit all 8 of the above out of a total DCC_CHECK hits is
6894. That's a S/O of 0.875. My site is *massively* worse for DCC false
positives than the mass-check testing data. In this limited sample I have 6.25
times more nonspam hits per thousand than the mass-check tests did!

Admittedly I haven't verified all 855 were not spam, but it's pretty unlikely
that many of those 855 are spam given the great number if criteria I applied.
There's probably also a good number of FPs that don't meet the above criteria



DCC_CHECK Hits include:
        113 messages that are BSP_TRUSTED
        21 messages that are HABEAS_ACCREDITED_*

Hits include mail from:

        ebay (Real, SPF_PASS and BSP_TRUSTED)
        paypal (Real, SPF_PASS and BSP_TRUSTED)
        securityfocus (bugtraq postings)
        Fender (as in guitars)
        Iomega (maker of zip drives)
        Kodak
        applenews.lists.apple.com
        toysrus
        weightwatchers
        onehanesplace.com (As in Haynes underwear maker)
        buy.com
        hallmark.com
        fashionbug (women's clothes)
        eweek.com
        orbitz
        williams-sonoma
        walmart
        HP
        Buy.com

And hundreds of different relatively legitamate commercial sites. I just can't
react to this with DCC's whitelisting feature. There's too many sites to deal 
with.

Reply via email to