Hi all who are interested on this, I've checked our declude logfiles for the last 24 hours and came to this result:
In messages processed: 1829 Identified as spam: 102 >From this 37 spam messages has had a popular domain as from address. >From this 21 has had enough points to be catched without POPULARDOMAINS The other 16 spams was catched with the help of POPULARDOMAINS There was 30 real messages using a popular domain as from address. >From this 25 passed our filters 19 of them with the theoretical minimum 70% of the hold value 6 of them triggered also another test without reaching the hold value 5 real messages was blocked by our rules. 4 of them was messages from Yahoo Groups To resolve this I've changed the entry in the blacklist from "yahoo.com" to "@yahoo.com" because all mails from Yahoo Groups has a sender address "@xyz.groups.yahoo.com" There was one single message written from a hotmail user that triggered also the HEUR10 test. (I think because it was written in HTML, and contains a lot of words like $, cash, money...) This message was blocked as false positive. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
