Re: Pyzor or DCC

Wed, 22 Jul 2009 04:23:09 -0700 


Matus UHLAR - fantomas wrote:

On 21.07.09 19:18, Luis Daniel Lucio Quiroz wrote:

  

Ok, here is my doubt.  I know who are Pyzor and DCC, and I really convinced 
that a statistic test is a must to detect spam. But my doubt is next:

- It is good to have both tests or just one?

    

listing in DCC means that the spam was received many times by many users on
the net. Listing in RAZOR/PYZOR means that many users have reported it as
spam, so I would ask how is it possible that such mail got listed.
Yes, see my comment above for PYZOR...

  

Minor correction, DCC measures BULK email, not necessarily spam, which 
is one good reason to use razor also.

(and a good reason to use DCC!)


The way DCC works is automatic (unless sender is whitelisted), the 
checksums or headers and paragraphs are checked against a database of a 
40 Million checksum database.  the act if CHECKING the checksum adds it 
(and if you are using the commercial version, last untrusted ip) to the 
database.



THIS IS NOT A BAD THING., it has to see many many (hundreds) of servers 
checking that same checksum before it sets the response to 'many'.



Yes, if you use the spamassassin --report and DCC it will send a special 
report to DCC, but for the most part, DCC' automatic 'bulk' detection is 
perfect.
Since no human involved.  The danger of 'false positives' are if you use 
DCC to block 'spam' when you are blocking 'bulk' email, and you really 
should whitelist any mailing lists yo belong to.  Just to make things 
faster and less prone to FP's.



--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008

_________________________________________________________________________

This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

_________________________________________________________________________

  





















					Reply via email to