On Sat, 19 Mar 2011 05:42:22 +0400 Hamad Ali <crownco...@hotmail.com> wrote:
> Can I assume that your solution that detected a portion of the spear > phish is 100% SA? In case not fully SA, any hints on its mechanics? It's not fully SA. We don't use the SA Bayes implementation; we have our own that considers both individual words and word pairs. We also have a shared Bayes database among our customer sites. We keep a window of mail over a few weeks and do nightly Bayes database updates; our database currently contains tokens from about 1.7 million messages (~800k spam and ~900k ham). We also use the APER list at http://code.google.com/p/anti-phishing-email-reply/ that I mentioned before. And finally, we run our own DNSBL lists (described at http://www.roaringpenguin.com/products/canit-reputation-rbl) > Any approximate numbers on percentages of detected spear phish vs. > slipped through ones? I have no idea. Our customers don't always report statistics back to us. Regards, David.
