Yet Another Ninja wrote:
FIW:
12 hr stats / tiny traffic trap box - no ham
I use a couple of DNSWLs to reject traffic from potential hammy IPs
RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
1 RCVD_BARRACUDA 19721 83.30 83.46 8.00
<SNIP>
Spam detection seems good - no idea how it does with HAM
What I'm about to say is probably part of the reason that Alex started
those stats out with "fwiw", but when running stats like that, the "ham"
column is tricky.
Why? Because these are either False Positives--which is a very bad thing.
Or, these could be "False-False Positives"... which is a very good thing
because that would mean that those were really spams that would have
scored "below threshold" without use of the new list. (or, some mix of
these two)
For that reason, it is always helpful (if possible) if the tester can
examine some of the messages which make up the "ham" % on the new list
that is being evaluated. Recently, I had a user testing my own
blacklists who sent me such stats and I panicked. I sent an e-mail back
saying, surely I'm not blocking THAT many hams? He replied back stating
that, upon examination of the messages that made up the HAM category, he
couldn't find a single actual ham. They were all spam. (I breathed a big
sigh of relief!)
But I'd guess that most of that 8% of ham for Barracuda is probably
spam? Even if the barracuda list has too many FPs, I doubt it would be
that high!!?? I've seen such stats posted on anti-spam lists like SA,
but I don't recall anyone ever making that distinction.
--
Rob McEwen
http://dnsbl.invaluement.com/
[EMAIL PROTECTED]
+1 (478) 475-9032
