Re: [Declude.JunkMail] IPNOTINMX, NOLEGITCONTENT

Thu, 05 Feb 2004 00:19:54 -0800

Both filters will fail above 90% of the time on typical traffic patterns. I give 10% of my hold weight in credit for passing IPNOTINMX and 20% of my hold weight in credit for NOLEGITCONTENT. A fair amount of spam will pass IPNOTINMX, however these will only be static spam sources that are much more likely to be perma-listed in multiple RBL's, so it's generally not a big issue, especially with such a low credit. IPNOTINMX on the other hand, uses magic to determine what passes and what doesn't pass :) It's rare that it will give credit to spam. Many server generated E-mails will also fail both tests (contrary to your suggestion). System notifications are notoriously challenged in a technical sense, especially when coming from Microsoft servers. It's better to fix the server's config instead of adjusting Declude unless it's a special situation and you whitelist the server from private IP space.

Naturally, the effectiveness of using these can't be measured in isolation. If you are still relying very heavily on SpamCop that suggests that you probably want to do some more in-depth monitoring (they have very serious problems with false positives, even tagging large ISP mail servers like AOL and Yahoo Groups). I don't think there's any good way to make informed decisions about weight without monitoring, making adjustments, and monitoring some more. Use lots of RBL's, but be choosey about what you use, and make sure you understand what they are testing, and how their hits, and especially the false positives, correspond to the other tests that you are using. The process should take you at least a month of watching to get the basics down, and of course to some extent, the process will never end because both the spammers and RBL's are in constant flux.

Matt



Robert Shubert wrote:

I recently turned on the IPNOTINMX and NOLEGITCONTENT filters to see how
they work. They seem to do more harm than good, for instance I weight 10
SPAMCOP since that service works well for me, but these filters lowered
the weight so that spamcop (only) spams get through.

I do understand that they solve an issue of server generated emails, one
email that was getting marked as spam was a system report from a
firewalled server, IP 10.1.1.something. This email is now not spam, as
it shouldn't be, but I'm not sure about the tradeoff.

Are other people using these filters successfully? Is it better to keep
them with a low negative weight or disable them altogether and just rely
on positive tests?

Thanks for your input.

Robert

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.





--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to