[EMAIL PROTECTED] wrote:
John Rudd wrote:
You *will* not be getting a BAYES_90 or
BAYES_99 from that.
My first one got BAYES_80, without having seen that zombie/relay before.
That's enough for 2 points.
I think you're missing the point when I say "in the past" in relation to
scoring vs blacklists. It doesn't matter why an IP is listed, at some
point in the past that IP had to have been added before you can match
against it.
It does matter, because it's not a "late receiver effect" unless
someone, anyone, has received spam from that host before. And there's
no relationship between "previous email from that host at all" and
"being listed in the PBL".
In the case of PBL it contains more than just organization submitted
netblocks, it also includes ranges added by hand by Spamhaus for ranges
that appear to be end-user IP space that they have received spam from,
which IMO is probably majority of that list at this point.
Show me that the "that they have recieved spam from" part is how they
built their list, and not just "that appear to be end-user IP space".
And? That's still a late-receiver effect, this particular message scored
X points because of what Y host did Z minutes ago, where Z could be
days/weeks/months of minutes.
Any time I have seen the phrase "late receiver effect" used before, it
is about the message itself, and not the relay. Thus, Razor, which is
entirely about the message and not even remotely about the relay, is
entirely "late receiver effect" based.
Yes I failed to exclude BOTNET from that, it's the only score from the
original message that started this that is solid. The reason is because
BOTNET is proactive, all the others are either 100% reactionary or
nearly so (PBL).
My first one was caught by Botnet, Bayes_80 (again, no previous pdf
spam, and no previous activity from that relay), and UNIQUE_WORDS. Even
if Botnet alone hadn't been enough, and only had a score of 3 ...
_either_ of the other two would have been enough to push it up to 5.
