On Wednesday, September 8, 2004, 11:13:18 AM, Harry wrote:

HV> I am testing sniffer right now and wonder if I need to run all the other
HV> tests alongside it.

Well, you can probably get by without the other tests, but since you have Declude it would be MUCH better if you keep the other tests in place. Declude's strength is that it allows you to aggregate a variety of tests for greater accuracy. Sniffer is very, very good, but you will certainly see some benefit by using it along with other tests.

HV> I am trying to reduce my daily workload of analyzing the "spamtrap" and hope
HV> that sniffer and surbl will do this.

Sniffer is perfect for that - particularly if you share your spamtrap data with us. Put another way, if you allow us to use your spamtrap then we will be taking over this work for you. All we need is POP3 account information and some details on how your spamtrap was formed so that we can properly classify it in our SPHUD (Spam Processing Heads Up Display).

HV> Do I even need surbl?

Probably not. One of the AI elements in our robots cross-references incoming spamtrap data with SURBL and other tests. More often than not we have the domain tagged before we see it in SURBL, and if we don't we grab it quickly.

HV> Any advice in this matter would be greatly appreciated.

I recommend reviewing the Spam Test Quality Analysis:

<http://www2.spamchk.com/public.html>

You can use this to help tune your Declude configuration. I recommend applying the formula:

W = (a^2)100

Where (W) is the individual test weight (magnitude) based on test accuracy and (a) is the accuracy measured in the analysis (SA = spam-test accuracy, HA = ham-test accuracy).

[ Regarding (magnitude), ham tests generate negative weights and spam tests generate positive weights. W will always be a positive value, so if you use an HA value for (a) then you will want to apply a negative W as your weight in Declude. ]

For example,

SNIFFER SA = 0.95, so W = ((0.95)^2)*100 = 90.25, Weight = 90.
FIVETEN-SRC SA = 0.59, so W = ((0.59)^2)*100 = 34.81, Weight = 35.
NOLEGITCONTENT HA = 0.38, so W = ((0.38)^2)*100 = 14.44, Weight = -14 -- This test is measured when the test does not fail, so -14 must go in the second weight column, not the first.

If you use this analysis you should have your "hold weight" at or about 100. If you set your hold weight lower than 100, you will capture more spam at the risk of more false positives. If you set your hold weight higher than 100 you will have fewer false positives and more spam.

!! This is research in progress - these formulas appear to work very well in preliminary testing. If you are already happy with your weighting system then you should probably stick with that until this theory has been tested further. !!

We are developing a utility to do this work automatically. In the meantime, you can go through your test weights manually. You shouldn't have to do this frequently.

Hope this helps,
_M

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
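
The weighting described in the message above, worked through as an added example (not part of the original e-mail and not Declude or Sniffer code). It uses the three accuracy figures quoted in the message; the function names, the sample messages, the ">= hold weight" comparison and placing every HA weight in the second column are assumptions made for illustration.

```python
# Added example: W = (a^2)*100 applied to the figures quoted in the message.
HOLD_WEIGHT = 100  # "at or about 100", per the message

# test name -> (kind, accuracy); SA = spam-test accuracy, HA = ham-test accuracy
ACCURACY = {
    "SNIFFER": ("SA", 0.95),
    "FIVETEN-SRC": ("SA", 0.59),
    "NOLEGITCONTENT": ("HA", 0.38),
}


def weight_columns(kind, a):
    """Return (weight when the test fails, weight when it does not fail)."""
    if not 0.0 <= a <= 1.0:
        raise ValueError("accuracy must be between 0 and 1")
    w = round(a * a * 100)  # magnitude, always positive
    if kind == "SA":
        return (w, 0)       # spam test: positive weight, first column
    if kind == "HA":
        return (0, -w)      # ham test: negative weight, second column (assumed)
    raise ValueError("kind must be 'SA' or 'HA'")


def score(failed):
    """Aggregate weight for a message, given the set of tests it failed."""
    total = 0
    for name, (kind, a) in ACCURACY.items():
        on_fail, on_pass = weight_columns(kind, a)
        total += on_fail if name in failed else on_pass
    return total


def held(failed, hold_weight=HOLD_WEIGHT):
    """True if the aggregate weight reaches the hold weight (assumed >=)."""
    return score(failed) >= hold_weight


if __name__ == "__main__":
    # Constructed sample messages: each is the set of tests the message failed.
    samples = [
        {"SNIFFER"},
        {"SNIFFER", "NOLEGITCONTENT"},
        {"SNIFFER", "FIVETEN-SRC"},
        {"SNIFFER", "FIVETEN-SRC", "NOLEGITCONTENT"},
    ]
    for failed in samples:
        print(sorted(failed), score(failed), "HOLD" if held(failed) else "pass")
```

With these three tests, a SNIFFER hit alone stays under a hold weight of 100; it takes a second spam test firing as well to cross it.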