On Thu, 2005-04-07 at 11:24 -0400, Kevin Sullivan wrote: > If you think about this, it isn't surprising. At the time the mass-checks > ran for 3.0.2, the 3.0.2 rules caught almost all of the spam of that time. > (If they didn't, then people wrote rules until they did.) So dynamic > systems like Bayes and SURBL didn't add much. and thus scored low. This > will be the case during every release. > But now, between releases, spammers write spam which evades the "standard" > rules. Sure, there will be new "standard" rules for the next SA release, > but until then dynamic systems like Bayes and SURBL are all that are > catching some spam.
This looks like the smoking gun. Wouldn't make sense, then, to pre-emptively bump up the scores for the dynamic systems right from the beginning? They will be slightly over- rated at first, become perfectly rated after a while, then start getting under-rated as more time passes. That will certainly be better than the current situation, when the dynamic rules are perfectly rated only at first, but immediately they start to "decay" (well, not really, but i'm trying to find a concise metaphor). Or how about this: In the big SA config file, add a parameter that controls the overall weight of the static versus the dynamic things. Release the next SA version with that parameter set so that it gives more importance to the static systems. Tell users (in a prominent, obvious, even intrusive fashion!) to adjust that parameter every now and then, to give more importance to the dynamic systems as time passes. Or even, heck, make SA track time and automatically increase the importance of the dynamic systems as time passes. That will make it, of course, one of those scary self-adaptive systems that pull the carpet from under sysadmin's feet :-) but if it stops the spam, then who cares. I believe you're right, that's what's causing me problems - the spammers started to learn the static rules and are evading them. Well, if that's true, then SA must provide a mechanism to control that. An overall static-vs-dynamic "balance button" might be a good idea. Or not. <shrug> I will try to bump up the Bayes rules and see where that goes. Thanks everyone. -- Florin Andrei http://florin.myip.org/
