List Mail User wrote: >> ... >> > I believe some people using the SARE rules report ~100 points for them > (after half a day or so, they fail every net test, and very many > "small" rules). Also, the typical ones are delivered by zombies, so > often the DUL tests hit right away, and if you can afford to refuse > bad DNS at the MTA level (many large sites can't), you'll never see > most of them. > > The last one I got hit: > BAYES_99,DIGEST_MULTIPLE,FORGED_MUA_IMS,HELO_DYNAMIC_COMCAST,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_COMPLETEWHOIS,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_ABUSE,URIBL_RHS_AHBL,URIBL_RHS_DSN,URIBL_RHS_NOCOMPLAINTS,URIBL_RHS_NOSTDMAIL,URIBL_RHS_POST,URIBL_RHS_URIBL_BLACK,URIBL_RHS_WHOIS,URIBL_SBL,URIBL_SBL_COMWHOIS,URIBL_SC_SURBL,URIBL_WS_SURBL,URIBL_XS_SURBL > > A slightly earlier one got a much lower score with: > BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_80_90,HTML_MESSAGE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,UPPERCASE_25_50,URIBL_RHS_POST,URIBL_RHS_WHOIS >
Umm... I don't see any SARE rules in there. The fact is, SARE isn't terribly effective against these 1-column drug spams. The only SARE hit I got was SARE_SPEC_LEO_LINE03f with a whopping 0.18 points, or occasionally SARE_SPEC_LEO_MEDS with 1.67 points. Sure, with every possible network test enabled you will catch most everything. But some of us don't have unlimited resources. ;) Pierre
