On Thu, Dec 11, 2008 at 05:57:10PM +0000, Ned Slider wrote: > > Genuine spam traps are great for bayes training as they should contain a > representative sample of spam your users will be seeing plus you know > they only contain spam so you don't need to check the contents before > feeding them to bayes to learn :) > > I do the same - whitelist a few *good* spamtraps through all my > different levels of filtering specifically to feed bayes. I also use > these for statistical analysis to see which types of mail SA scores > poorly on and then target custom rules towards those spam to help bump > the scores. > > I'm sure there's other useful stuff you can do with spamtrap mails too.
Unfortunately it takes a lot of effort to create *good* spamtraps. It's just too much trouble for a normal admin, I leave it to those who have time on their hands. You can do the simple grep for "mistyped" non-existant addresses from logs etc, but it's just silly botnet crud that doesn't represent the "real" spam coming to real users (that leak their addresses in all sort of ways). I don't see any point Bayes-learning simple-to-block botnet mails either, since it's completely separate thing from the sneakier 419 and phish stuff..
