That is very significant, and could explain what I'm seeing. I'm going to increase my delete weight a bit for a while to make sure there are no high FPs.
I do see the following detection rates from yesterday (3/30) AHBL 97.4% CBL 99.9% CSMA 97.1% CSMA-SBL 93.4% JAMMDNSBL 76.0% PSBL 96.9% SBL 99.5% SENDERDB-BL 96.4% SNIFFER 98.7% SPAMCOP 99.7% UCEPROTECT1 100% UCEPROTECT2 97.2% rates for all seem to have increased significantly over the past couple of days. BTW, I sent to the Junkmail in part so others could comment on other tests that may have significantly changed. Darin. ----- Original Message ----- From: "Pete McNeil" <[EMAIL PROTECTED]> To: "Darin Cox" <Declude.JunkMail@declude.com> Sent: Thursday, March 31, 2005 8:09 AM Subject: Re: [Declude.JunkMail] Huge reduction in hold queue On Wednesday, March 30, 2005, 10:35:52 PM, Darin wrote: DC> Pete, DC> DC> Have you make significant changes to the sniffer rulebase in the past couple of days? DC> DC> I'm seeing a _huge_ reduction in hold queue messages... DC> roughly down 65%... while total message volume is steady. Only DC> thing I can figure is that the rulebase is suddenly identifying DC> most of the messages that fail other tests as well, pushing most DC> over the delete limit.... or other tests like SpamCop, DC> Mailpolice, etc. have made significant changes... I've checked a DC> few sites for news, but am not seeing anything new. DC> DC> The sudden change has me a wee bit concerned...cautiously optimistic, but concerned. THis might be better asked on the Sniffer forum rather than Declude's though I'm sure they don't mind. The only thing I can think of is that there has been a greater use of message fragment rules over the past few days in response to some of the newer campaigns. I wouldn't call that a radical change - but it has been a moderately heavy shift. In particular there is a new snake oil campaign that is using a number of randomized obfuscated segments in their message and we've been capitalizing on that. I don't see any significant shifts in the statistics. What I do see is a subtle change in the shape of the new rule capture curve (see the left side of this chart): http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp I have also seen higher spam rates and SNF capture rates in recent MDLP data on our system: http://www.sortmonster.com/MDLP/MDLP-Example-Short.html What counts in cases like these are false positive rates... If it seems that we're catching a lot more spam then lets be sure it really is spam. So far FP rates are nominal though there is a spike yesterday in the number (this appears to be an automated system that submits FPs from users -- the batch contains a larger than usual number of duplicate submissions -- this happens from time to time with this customer). http://www.sortmonster.com/MessageSniffer/Performance/FalseReportsRates.jsp Hope this helps, _M --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
