Combination tests might be even better in a Bayesian system, though weighting also has some strengths in combination tests like this. Another combination that I would like to see would be a DUL combo. This way you could add many DUL lists, but only assess a certain number of points on any number of hits. Then add DUL to SpamCop and you've got a near perfect test....

I pass most of SpamCop's false positives, but I do have problems when they FP along with MAILPOLICE and some very low weighted tests such as FIVETEN. I failed these two messages from AOL that SpamCop tagged because they both also tripped BASE64 for 3 points, and NOPOSTMASTER and NOABUSE for 1 point each. I use the last two tests primarily to raise the bar for big ISP mail servers since many large ISP's will fail these tests, and such servers don't generally get listed in RBL's and they aren't likely to fail Declude's technical tests.

Matt

Colbeck, Andrew wrote:

Matt,

That would be an excellent combination. Much as SPAMCOP plus SBL would be a very, very good combination. And SPAMCOP plus SBL plus [insert favorite DYNA/DUL test] would be practically perfect.

For my inbound mail, I don't mind if SpamCop.net is listing an AOL server, or anybody's for that matter. I sure would if I had a weak antispam mechanism that could only do ip4r blacklisting, though. Especially if they didn't have a timeout for de-listing a particular IP when the spam volume drops.

In fact, I appreciate SpamCop.net listing an AOL server when they get an appreciable amount of spam through it, because I don't expect only DNS based tests or only content inspection to catch that inbound spam. My weighting system is such that several tests need to be triggered to catch the spam. That means that if an AOL server is listed by SpamCop, individual messages from that service become more sensitive to content inspection as well as similar listing by other providers' DNS based tests.

YMM,

Andrew.

-----Original Message-----
From: Matt [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 15, 2004 3:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Question about Some Spam Tests

Andrew,

This is also particularly hurtful when a zombie sends E-mail through one of these servers. I almost never see SpamCop blocking big ISP mail servers, but I see zombies relaying through ISP mail servers every day.

This would actually be a good candidate for a combination test. You could disable SpamCop when it also hit AHBL-GOOD with a net score of 0, but not credit AHBL-GOOD otherwise.

Of course, SpamCop could just fix their issues with ISP mail servers. Who knows, maybe their stance is to force ISP's into active defenses against zombies relaying through them???

Matt

Colbeck, Andrew wrote:

I'd recommend all of them but FIVETEN-MULTISTAGE.

Always start with a very low weight, like 1. Then evaluate them in your own environment; my results may be interesting, but it's yours that you care about.

I also recommend AHBL-EXEMPTIONS as a whitelisting test, e.g.

    AHBL-GOOD ip4r exemptions.ahbl.org 127.0.0.2 -5 0

To reward "known good" servers (which isn't to say that NO spam comes from them, but does indicate that the baby shouldn't be thrown out with the bathwater).

This is particularly helpful, for example, if SpamCop lists an AOL outbound mail server.

Andrew 8)

-----Original Message-----
From: Brian T [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 15, 2004 1:24 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Question about Some Spam Tests

I recently came across the following tests and was wondering if anybody else was using these tests? What your thoughts are of these tests? And what kind of results you have received from these tests?

The tests are as follows:

AHBL-RELAYS
AHBL-PROXIES
AHBL-SOURCES
AHBL-PROVISIONAL
AHBL-FORMMAIL
AHBL-DUL
FIVETEN-SPAM
FIVETEN-BULK
FIVETEN-MULTISTAGE
FIVETEN-SPAMSUPPORT
FIVETEN-MISC
NJABL-DYNABLOCK
NJABL-RELAYS
NJABL-DUL
NJABL-SOURCES
NJABL-MULTI
NJABL-FORMMAIL
NJABL-PROXIES

Thank you for your time.

Brian Thompson
Online Services

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.

--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
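The two combination tests proposed in this thread (a DUL combo that assesses a fixed number of points however many DUL lists hit, and SpamCop disabled when AHBL-GOOD also hits, with no credit for AHBL-GOOD otherwise), modelled next to plain additive weighting. This is an added example, not Declude configuration syntax and not code from any poster. The weights for BASE64, NOPOSTMASTER, NOABUSE and AHBL-GOOD are the ones quoted in the thread; the SPAMCOP and DUL weights, `DUL_POINTS` and `HOLD_AT` are assumed values.

```python
# Added illustration of the thread's combination tests; not Declude syntax.
WEIGHTS = {
    "SPAMCOP": 7,          # assumed weight
    "AHBL-GOOD": -5,       # from the ip4r line quoted in the thread
    "BASE64": 3,           # from the thread
    "NOPOSTMASTER": 1,     # from the thread
    "NOABUSE": 1,          # from the thread
    "AHBL-DUL": 4,         # assumed weight
    "NJABL-DUL": 4,        # assumed weight
    "NJABL-DYNABLOCK": 4,  # assumed weight
}
DUL_LISTS = {"AHBL-DUL", "NJABL-DUL", "NJABL-DYNABLOCK"}
DUL_POINTS = 4   # assumed: flat score for one or more DUL hits
HOLD_AT = 10     # assumed hold threshold


def additive_score(hits):
    """Plain weighting: every test that fired adds its own weight."""
    return sum(WEIGHTS[test] for test in set(hits))


def combo_score(hits):
    """Weighting with the two combination rules from the thread."""
    hits = set(hits)
    total = 0
    # DUL combo: any number of DUL list hits counts once.
    if hits & DUL_LISTS:
        total += DUL_POINTS
    # AHBL-GOOD never earns credit by itself; it only cancels SPAMCOP.
    exempt = "AHBL-GOOD" in hits
    for test in hits - DUL_LISTS:
        if test == "AHBL-GOOD" or (test == "SPAMCOP" and exempt):
            continue
        total += WEIGHTS[test]
    return total


def verdict(points):
    return "hold" if points >= HOLD_AT else "deliver"


# Constructed hit sets, modelled on the cases described in the thread.
AOL_FP = ["SPAMCOP", "BASE64", "NOPOSTMASTER", "NOABUSE"]
AOL_FP_EXEMPT = AOL_FP + ["AHBL-GOOD"]
DIALUP = ["SPAMCOP", "AHBL-DUL", "NJABL-DUL", "NJABL-DYNABLOCK"]
```

With these assumed weights, the AOL false positive is held at 12 points without the exemption listing and delivered at 5 points with it, while a dial-up sender listed by SpamCop and three DUL lists scores 11 instead of 19.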
