Hello Listonians,
I had intended to squeeze in a year-to-date update on my Entourage rule
counting experiment, but December 4 rolled around and I was much too busy.
So, a baker's year (13 months?) will have to do.
On December 4, 2002 at midnight (actually, 12:28, but that's less dramatic)
I installed my Rule Counter scripts and set some new rules to execute the
scripts as part of their action. The scripts have quietly executed,
invisible and unnoticed, since then. It was truly gratifying this December
to check in on the rule execution counts, and to look at all the values.
This is not: "A Quantitative Analysis of the Method and Composition of
Unsolicited Bulk Email using AppleScript and the Entourage 2001 Email Client
for Macintosh"
This is: "Gary Counted Rule Execution and Doh! That's a Lot of Junk."
o Why?
I started to do this for two reasons:
1. to see if my approach to rules was actually valuable in protecting my
inbox;
2. to see if my writing of rules was actually helpful in relation to what I
was receiving (curiosity about certain rules, too.)
(And it was a side-effect of my trying to script the marking of messages by
category depending on what rule moved them.)
I think my general organizational method is pretty good. With the use of
dummy rules named [class]------------ and the like for visual separation of
the list, it's easier to manage than previously and it allows me to quickly
find a rule in the window. Ordering of rules is critical also, so this
helped me keep things in order.
Some of the rules that it took the longest to make were the least effective
in relation to what I actually received. (Some of this I knew, like
'address matching'. Nearly pointless. But I was still curious.)
o What did I measure?
I only counted the number of times a rule matched (executed a script which
updated the count) the IF clause. (I did not measure execution time of
individual rules at all.) Address matching rules, aside from being the least
effective for me, take the longest to set up and to maintain (as well as
being slow to finish.)
After collecting lots of solid suggestions for rules, mostly here on this
list and at the MVP's site, I constructed several "rule classes". Groups of
rules might all (each) update the same counter. For example, one "class" of
rules that I have all focus on content type headers. The rules are slightly
different but all look at the same basic thing, and therefore I set up those
rules all to fire (update) the "Bad Attachment Rule Counter".
o What did I find?
Keep in mind that my rule counts apply to my rules and to uses of my email
address. YMMV. I do hope that some of what I found out will be useful to
others.
1. The absolute best "rule" in Entourage 2001, for me, is the built-in Junk
Mail Filter. This is no surprise. They're experts, I'm not. It's a great
tool.
My JMF ditched 5938 pieces of mail.
2. The greatest source of spam for me was from less than 50 newsgroup
postings (not 50 different NG's...less than 50 postings). I used a new NG
address for the same time that I counted rules.
Insecure mailing lists (that web archive) were also a source of spam. I also
used a new address for mailing list subscriptions. I counted incoming mail
that was from an unknown source (not in my AB, not from the list, not from
the list domain, not an Off-List message from a list member).
This rule ditched 2230 pieces of mail, with only 1/4 attributed to "bad
list" mail and the remaining to "bad newsgroup" mail. (Less than 50
postings in a few NG's and I received over 1600 pieces of spam.)
3. For me, the third most-executed set of rules is actually a group of rules
that all look at messages where an Attachment Does Not Exist but the
document contains a header as if it did.
It appears to be a common spam weirdness.
These two rules:
Attachment --> Does Not Exist
Specific Header --> Content-Type --> Contains --> multipart/mixed
Attachment --> Does Not Exist
Specific Header --> Content-Type --> Contains --> multipart/alternative
executed a combined 692 times. (Thanks to Mickey for those, IIRC.)
4. Labor-intensive 'address or domain matching' rules were the least
performing, catching only 84 pieces of spam.
5. A useful rule (particularly useful for Hotmail) is when a message does
not even contain my own address in a TO: header.
This rule:
Any Recipient --> Does Not Exist
matched 114 pieces of junk mail that my mail box received when I wasn't even
an addressed recipient. Pretty good for a short and sweet rule.
I do not even notice my rules executing the scripts to update counts, so I
will leave the rules updating as they are. But, I'm going to ditch the
slowest and least-used rules, which contain my absolute "black list" of
addresses and domains.
I'm going to disable them and see if the other rules will pick up the pieces
for other reasons. If there are some noticeable offenders that need to be
"black listed" again, then I'll add them back I suppose.
Happy spam hunting. Hope you catch some.
--
Gary
"They sought it with thimbles, they sought it with care;
��They pursued it with forks and hope;
����The threatened its life with a railway-share;
������They charmed it with smiles and soap."
-- Lewis Carroll, The Hunting of the Snark
Spam Spin:
"Heck, he's such a newbie he doesn't even get spam."
--
To unsubscribe:
<mailto:[EMAIL PROTECTED]>
archives:
<http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/>
old-archive:
<http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
