>> DSBL:6 SPAMCOP:10 BADHEADERS:6 HELOBOGUS:6 REVDNS:4 ROUTING:8 IPNOTINMX:2
>> NOLEGITCONTENT:2 COUNTRY:10 COMMENTS:153 SNIFFER:7 FIVETENSRC:5
>> EASYNET-DNSBL:7 EASYNET-DYNA:6 EASYNET-PROXIES:5 BH-CNKR:10 SORBS-HTTP:7
>> PSBL:5 CBL:5 GIBBERISHBODY:3 VERISCAM:7 BENTALLIPBL:7 BENTALLSPAMHINT:22
>> BENTALLSPAMURL:161 .  Total weight = 464

> Wow! Andrew, So do you add 1 point per comment? 153 seems an odd total....
> What are those last 2 tests you have listed? What do they do / how are they
> weighted?

Paul, those last 3 tests are our in-house tests that may or may not be
suitable for anyone else.

The first of the three is an IPFILE test that contains our banned IPs.  We
put them here instead of IMail because we like the logging of the
mail-handling decisions to all be in Declude's log.

The second is a text FILTER test (only available with Declude JunkMail Pro)
that has lots of snippets of spammish body text, including HTML content tips
posted here (notably Kami, Bill and Matthew) and our own list of keywords to
hint towards a body weight for spam that had made it through to mailboxes
(e.g. last Christmas' little cars campaigns, and current mortgage and loan
come-ons).  The test is called 'hint' because every filter line is a low
weight.

The third is another text FILTER test, and contains URI specific hints as
well as blacklisted domains (high weights) we see in URLs.  I keep meaning
to break this file into two tests; the URI hints and the blacklisted
domains.

The COMMENTS test scored so high because after running for a month with the
fixed weight option, and Scott's assurance that it only scores bogus
comments and that I'd seen zero false positives, I found that it was a safe
test, so I switched to the dynamic weight option, and score with a small
base weight, and after that, it's up to the spammer as to how high the score
will get.

If you're interested in the URI hinting, I'd suggest that you look at Kami's
filter files, which are much cleaner than what I could offer.

Andrew 8)
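
An added example, not part of Andrew's message or of Declude itself: a small Python parser for the weight summary quoted at the top of this thread. It re-adds the per-test weights, checks them against the stated total, and lists the tests that each contribute at least a quarter of the score (the 25% threshold and all function names are assumptions made for illustration).

```python
import re

# Weight summary copied from the quoted message above, quote markers included.
SUMMARY = """\
>> DSBL:6 SPAMCOP:10 BADHEADERS:6 HELOBOGUS:6 REVDNS:4 ROUTING:8 IPNOTINMX:2
>> NOLEGITCONTENT:2 COUNTRY:10 COMMENTS:153 SNIFFER:7 FIVETENSRC:5
>> EASYNET-DNSBL:7 EASYNET-DYNA:6 EASYNET-PROXIES:5 BH-CNKR:10 SORBS-HTTP:7
>> PSBL:5 CBL:5 GIBBERISHBODY:3 VERISCAM:7 BENTALLIPBL:7 BENTALLSPAMHINT:22
>> BENTALLSPAMURL:161 .  Total weight = 464
"""

PAIR = re.compile(r"([A-Z0-9][A-Z0-9-]*):(\d+)")   # TESTNAME:weight
TOTAL = re.compile(r"Total weight\s*=\s*(\d+)")


def parse_summary(text):
    """Return ([(test, weight), ...], stated_total) from a quoted summary."""
    # Strip mail quote markers so wrapped lines join into one token stream.
    body = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    tests = [(name, int(weight)) for name, weight in PAIR.findall(body)]
    match = TOTAL.search(body)
    return tests, (int(match.group(1)) if match else None)


def audit(text, dominant_share=0.25):
    """Check the stated total and report tests that dominate the score."""
    tests, stated = parse_summary(text)
    computed = sum(weight for _, weight in tests)
    dominant = sorted(
        ((n, w) for n, w in tests if computed and w / computed >= dominant_share),
        key=lambda item: -item[1],
    )
    return {
        "tests": len(tests),
        "computed": computed,
        "stated": stated,
        "consistent": computed == stated,
        "dominant": dominant,
        # Score the message would still have without the dominant tests.
        "rest": computed - sum(w for _, w in dominant),
    }


if __name__ == "__main__":
    for key, value in audit(SUMMARY).items():
        print(f"{key}: {value}")
```

Seeing how much of a total rests on one or two tests is a quick way to judge what a false positive in either of them would cost.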
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
