Michael Beckmann wrote:

> Greetings!

Hello!

> In the past few weeks, I have noticed significant amounts of spam
> passing through my filter. It is reaching a level that annoys me. I use
> SpamAssassin 3.1.7.
>
> I used to get maybe one or two spam messages a day earlier this year
> with 200+ spams filtered. Now I get 10 to 20 spams per day that are not
> automatically filtered (while something like 300+ are filtered.) Did
> anybody else notice this? Are spammers becoming more effective in
> working around SpamAssassin?
>
> I examined the spam, and it seems that the majority of the messages
> score BAYES_99 and nothing or hardly anything else. BAYES_99 is not
> enough to filter the messages. I use the standard threshold of 5.

Oh you are lucky, often such messages here only score BAYES_80 or
BAYES_50 (Bayes is trained nearly daily ...).

> I have been tempted to increase the BAYES_99 score to 5. I have seen
> that only very few ham messages of the newsletter type ever score
> BAYES_99 in my inbox.
>
> Do others make similar observations? How do you deal with this?

As others suggested, I would try to set the threshold near 4.0.
(I had some false positives with list mails, see bottom (but Bayes was
BAYES_00), but with no "regular-off-list-mails").

I am considering a "custom rule" to give messages with URLs e.g. a score
of say 1.0, to get those messages which hit no other rules but BAYES_99
over the threshold. What do you think about this? (I know it would also
affect many ham mails, but since these usually don't get "other scores" it
might not be dangerous?)

Is someone using such a rule and can give an example?

> Thanks,
> Michael

Greetings and hth
MH

a "false-positive" list-mail:
Content preview: Yes, spamassassin definitely RULES! ;-D RE: Spamassassin
Rules Yes, spamassassin definitely RULES! ;-D [...]
Content analysis details:   (4.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.7 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
-2.3 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0020]
 1.5 HTML_SHORT_LENGTH      BODY: HTML is extremely short
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.5 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
-0.1 AWL                    AWL: From: address is in the auto white-list
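
An added example, not part of the original post or of the SpamAssassin rule set: one way to write the URL rule asked about above as a local.cf fragment. It narrows the idea to a meta rule that only fires together with BAYES_99, so ham that merely contains a link is unaffected; the LOCAL_* rule names and the URI pattern are assumptions made for illustration.

```conf
# local.cf fragment: constructed example; all LOCAL_* names are hypothetical.

# Sub-rule (a leading "__" means it carries no score of its own): true when
# the message contains at least one http/https URI.
uri       __LOCAL_ANY_URI     /^https?:\/\//i

# Fire only when Bayes is already at BAYES_99 AND a URI is present, so a
# link alone never adds points to a message Bayes considers ham.
meta      LOCAL_BAYES99_URI   (BAYES_99 && __LOCAL_ANY_URI)
describe  LOCAL_BAYES99_URI   Bayes 99% and message contains a URI
score     LOCAL_BAYES99_URI   1.0

# The broader variant described in the post: 1.0 for every message with a
# URI, regardless of the Bayes result. This also raises the score of ham.
# uri       LOCAL_ANY_URI       /^https?:\/\//i
# describe  LOCAL_ANY_URI       Message contains a URI
# score     LOCAL_ANY_URI       1.0

# The two other options raised in the thread, for comparison:
# score           BAYES_99   5.0     # BAYES_99 alone reaches the threshold
# required_score  4.0                # lower the threshold for all mail
```

Running `spamassassin --lint` after editing the file reports syntax errors in the new rules before they reach live mail.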