EXCELLENT!!!!!! :) Many thanks :) Atleast now I aint going in blind, although I still dont know what to do, but thats another issue :)
Cheers! eddie. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Smart Business Lists Sent: Monday, October 14, 2002 12:24 AM To: eddie pang Subject: Re: [Declude.JunkMail] Spam Mail Statistics eddie, Monday, October 14, 2002 you wrote: EP> New user to JunkMail here.. Welcome to the war. EP> I know that declude has a spam trap. Is there data available on EP> this to determine how effective each test is? Scott posts his monthly spam stats to the IMAIL forum - see http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ search for "Spam Statistics" or for September see http://www.mail-archive.com/[email protected]/msg58649.html I think a lot of others keep stats on test results but I don't think I've seen them widely posted. There are 3rd party programs to help you monitor tests and results. See http://www.declude.com/tools/index.html EP> I am very interested in expanding our definitions from the current EP> defaults, but before i can do that, i kinda would like to see how EP> the each test compares at a bigger sampling.. Or is everyone going EP> on different pathways... My experience indicates that communities are sufficiently different to require research and subsequent changes. The September and August report from Scott referenced above will certainly give you a larger picture. The problem is not so much trapping messages as that is easy but not trapping legitimate (and wanted) messages that fail tests. There are a good many blacklists of IP's and addresses posted all over the web and there are contributors both here and on the IMAIL list that post such lists. But for the most part where I have tried these in the past I just end up having to weed out more false spam messages. EP> Also, how can i create a spam trap, discussed at http://www.mail-archive.com/[email protected]/msg02642.html and try a google on the phrase "create a spam trap" EP> to evaluate how effective each test is to properly setup each EP> weights e.g. Is there a test that is 100% effective in EP> identifying spam like helobogus There is really nothing that 100% of spam fails and 100% of non-spam doesn't fail as far as I know. I fail on the single tests: ORDB, MAILFROM, PERCENT, SNIFFER, and one IP blacklist. All other tests have to accumulate to a fail weight. EP> recommend on how new users should approach to building a better EP> and efficient definitions... It depends a bit on what you want to do. You can take a wholesale approach and delete or mark many messages and try to figure out a way to move the responsibility downstream to the user - or not. Or you can take a more granular approach and try to refine your system so that you are more and more effective on trapping spam and reducing false positives. In the former case it doesn't matter too much what you do. In the latter though you have to develop a review strategy for your spam control system. It is not something you can do just once and forget because things change. 1) develop a review strategy a) LOG action and then review declude logs b) HOLD action and then review with a program like spam review (you have to add lines to the header to indicate tests failed and weights) c) combination of a and b 2) develop your own weighting system a) some have several levels with different action b) I use pass/HOLD but I review HOLD 3) the Plus and Minus weights with filters is very good and allows really good tweaking 4) develop actions you can manage It is not possible for very high volume systems to hold and review messages as an example. I think it is better to start simpler and then gradually add complexity as you understand what is happening. Another very good tool for us was Sniffer - see http://www.sortmonster.com/MessageSniffer/ helped reduce our false positives to about 1% from 4% EP> Is there a tool available that will read the junkmail logs and EP> break down each test as to their effectiveness? http://www.declude.com/tools/index.html lots of good things reported about spam review. HTH Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
