At 10:46 AM 7/10/2003 +1200, Simon Byrnand wrote:>0.5 (Severe),
Egads,
> 1.5 (High),
Ouch,
> 4.0 (Medium),
Oww.
These three settings are going to give you false positives galore.
4.0 isn't all that bad.. according to STATISTICS.txt 4.0 should give you 0.44% FP rate in v 2.54, which is a lot more than the 0.08% for 5.0, but not quite insane.
Statistics don't tell the full story though, a certain % FP rate is all very nice in theory, but it tends to hide the fact that most of the FP's are certain *kinds* of emails, rather than just email in general. And sometimes those certain kinds of emails are very important.
As for the top two, well.. "severe" and "high" certainly imply that false positives should be expected..
Really for the "straight laced" type email account which doesn't get a lot of crude humor or commercial email, low thresholds work OK. However when you start getting into general purpose accounts with a lot of solicited commercial mail, jokes, mailing lists, etc your FP rate will climb quite high.
Well even "straight laced" email accounts can get false positives with a threshold of 5 or even our default 7. In particular it's been brought to my attention that Microsoft Outlook "netfolder updates" score higher than 7, (seemingly due to bugs in two high scoring SA rules that fire when they shouldn't - I added a bug in bugzilla, but its too late to fix for 2.60 unfortunately)
Another case is a company I wont mention whose online payment receipts go over 5, but manage to score just under our default 7. Theres no funny html or anything in it, but it has things like "no real name" for the from email address, most of the receipt is in capitals, so it triggers the all caps rule(s) and so on. All innocent things which add up to more than 5.
Really the "well suited threshold" is very dependent on your environment and usage, but I will agree that I'm kinda surprised his "medium" level isn't at 5.0 or slightly higher.
I'd say that with all checks (bayes, rbl's, razor, dcc etc) enabled, that 5.0 is pretty good for "straight laced" email acounts, and 7 is reasonable for "most people". Any higher than 8 and you start missing a lot of spam.
YMMV
Regards, Simon
------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
