On Friday, February 25, 2005, 6:11:58 PM, David wrote:

DB> Which can under certain circumstances be correct. If you had
DB> signed up with the website then Declude is correct in identifying
DB> them as legitimate email. It is possible we could set up some
DB> additional filters to help with a specific type of spam.

Most of the time what is happening is that the IPs for these (and
often even the URI) have not been picked up by other services yet so
the total weight doesn't get pushed over the threshold. We see these
events as "apparent false positives" in our MDLP analysis (the red
mark at the end of the SNIFFER test is mostly new spam that only SNF
is seeing, not actually FPs).

http://www.sortmonster.com/MDLP/MDLP-Example-Long.html

An interesting test that might help is to keep track of connect
(source) IPs that are new - or relatively new. This same mechanism is
part of the requested "Delay New IPs" feature... but even before then,
our research suggests that a test that provides a weight based on how
new an IP source is could be quite helpful...

So, for example:

Days  ---  Weight

0     ---  64
1     ---  32
2     ---  16
4     ---  8
5     ---  4
6     ---  2
7     ---  1
8+    ---  0

Based on a "spam threshold" of 100.

On many systems a "Day Zero" IP along with SNF would be enough to
filter the message out. After a couple of days other BLs are likely to
take over.

Just a thought  ;-)

_M



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
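
The new-IP weighting proposed in the message above, sketched in Python as an added example (not part of the original message and not Declude or SNF code). The class and function names are hypothetical, the score of 40 from other tests is a constructed value, and two points are assumptions: day 3, which the table does not list, is given the day 4 weight, and a message is filtered when its total is at or above 100.

```python
import bisect
import time

# Table from the message: age of the source IP in days -> weight.
# Day 3 is not listed there; this sketch gives it the next older
# row's weight (8), which is an assumption.
AGE_DAYS = [0, 1, 2, 4, 5, 6, 7]
WEIGHTS = [64, 32, 16, 8, 4, 2, 1]
SPAM_THRESHOLD = 100  # "spam threshold" from the message
DAY = 86400


class NewIPTracker:
    """Remembers when each connecting IP was first seen (hypothetical)."""

    def __init__(self):
        # Entries must be kept past 8 days: dropping one would make a
        # long-known sender look like a "Day Zero" IP again. A freshly
        # deployed tracker also sees every IP as new until it warms up.
        self.first_seen = {}

    def weight(self, ip, now=None):
        now = time.time() if now is None else now
        first = self.first_seen.setdefault(ip, now)
        age_days = int((now - first) // DAY)
        i = bisect.bisect_left(AGE_DAYS, age_days)
        return WEIGHTS[i] if i < len(WEIGHTS) else 0  # 8+ days -> 0


def verdict(other_weight, ip, tracker, now=None):
    """Add the new-IP weight to the weight from all other tests.

    Filtering at >= SPAM_THRESHOLD is an assumption of this sketch.
    """
    total = other_weight + tracker.weight(ip, now)
    return total, total >= SPAM_THRESHOLD


if __name__ == "__main__":
    tracker = NewIPTracker()
    t0 = 1_000_000          # constructed timestamp
    ip = "192.0.2.10"       # documentation address, constructed
    for days in (0, 1, 2, 4, 8):
        total, spam = verdict(40, ip, tracker, t0 + days * DAY)
        print(f"day {days}: total={total} filtered={spam}")
```

With these constructed inputs the same message is filtered only on day zero; on later days the decision depends on the other tests contributing more weight.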
