See http://www.declude.com/plea.htm.
My summary:
Declude uses multiple criteria to reject. Declude, naturally, thinks this is the best.
You seem to be confused. Declude *can* use a single spam test to block spam. Or it can use multiple tests. So it only benefits us to push using multiple tests (with a *guaranteed* lower false positive ratio) if that's the better option.
Other anti-spam approaches use single-criteria. Declude, naturally, thinks this is bad, like REALLY bad.
Yes. It IS bad. Rejecting 5% to 10% of your legitimate mail just isn't acceptable to most people, and has serious consequences when done on a wide-spread basis (increased prices to consumers, no more free Internet services, etc.).
Len: It is becoming increasingly common for mailservers to reject all mail from "subscriber" networks. The reason being that these networks are huge sources of spam, but minuscule sources of legit mail. The FP rate is extremely low, so it is a wonderful, horrors!!, single-criteria filter. Highly recommended to everybody.
So let's pretend the FP ratio is just 1%. Great, you say. But you also block E-mail listed in SPEWS, that has a 2% FP ratio. Now, you're blocking somewhere close to 3% of E-mail. Add the 10 other spam tests you run, and you're blocking around 10% of your legitimate mail.
Compare that to scoring/weighting/percentages/whatever, where almost all the spam can be eliminated (including those from your "subscriber" networks). So what's the difference? Your approach has a 10% FP ratio; mine has a .1% FP ratio. That's a huge difference (before you respond, those are made-up numbers; it could be 4% versus .2%, for example). In any case, my method guarantees fewer false positives.
As an example, in IMgate, one rule applied to the PTR hostname of the IP emitting mail to your MX would look like this:
/cpe.*charter.net/ 554 subscriber network
... will block many 1000's of IPs in the Charter cable networks, while not blocking any mail from Charter's SMTP servers. Cool, huh?
Yeah, but using MONKEYPROXIES or DNSBL-PROXIES will catch 99% of the spam from those IPs, while not catching the mail of a company that is one of the leaders in its industry. <G>
But Scott says: "this test has a lot of false positives" Len: Wrong, you are blatantly misleading. Both the qty of IPs and the qty of spam from subscriber networks vastly overwhelm the legit.
Numbers, please.
Declude: When it's ok to block 5% of legit email, then it's reasonable to block 10%. Len: WTF? with or without context, that sentence is insane for email, it is laughable in a formal presentation.
You're saying a 5% FP ratio is OK (you've *got* about a 5% FP ratio in my estimation, and you haven't claimed otherwise). You block on a lot of tests that intentionally have false positives. If you're willing to block 5%, everything seems fine to you (no reports of false positives, although mysteriously business has gone down lately...), so why not up it to 10% to catch even more spam? Why not move up to 15%?
"... they are going to be spending more time with fewer customers, forcing them to raise prices (and possibly go out of business)."
Len: small businesses that go out of business because they can't solve their email delivery problems deserve to go out of business.
Len, that's absurd. What is wrong with a small business that has expertise in E-mail setting up a mailserver that is set up perfectly? You're trying to impose your views on the world. You're trying to say that "You Must Have Vanity Reverse DNS", and "You Must Not Use An ISP That Spammers Have Ever Used", and so on.
Essentially, where most people say "I want to block as much spam as possible, and receive as much legitimate E-mail as possible", you're saying "I want to block as much spam as possible, but it's fine if some legitimate E-mail is lost." The SERIOUS problem, though, is that you are imposing this on the unsuspecting. A side problem is that if enough people do what you do, prices for goods and services sold through the Internet will increase, and free services will go away.
Len: The whole Microsoft paragraph is nonsense.
It says:
a. Based on two criteria, a multi-criteria system will accept mail from Microsoft, duh.
b. A single-criteria system, there would be no block of Microsoft, duh.
In this example (which I assume you chose carefully to illustrate the vast superiority of two criteria over the fatally flawed single-criteria system), what is the advantage of multi-criteria? There isn't any. Both the multi-criteria and the single-criteria systems accept mail from MS, duh, duh. Where's the superiority/inferiority when the outcomes are identical?
The problem is that you are rejecting that legitimate E-mail from Microsoft. If you don't understand why that is a problem, you shouldn't be offering anti-spam advice. :)
Now, how many Declude users DON'T accept the full msg?
None. But this isn't about Declude or IMGate. Yes, IMGate has an advantage here over Declude (have you caught on yet that I'm not knocking IMGate or pushing Declude?).
The problem is blocking on a single test that by design has false positives.
False problem. People don't design filters to have false positives.
Yes, they do. You did with your "ACL" test. You designed the test to block portions of the Internet, knowing that legitimate mailservers would be in those ranges. If you ignore false positives when designing a spam test, you're relying on luck to determine if your test is effective.
When people create spam tests, some of them design them based on a single-test system like yours (RBL(SM) was originally designed that way). Most, however, are designed to work with multi-test systems. For example, the REVDNS test catches in the order of 5% to 30% of legitimate E-mail. That isn't effective in a single-test system. However, it works great in a multi-test system.
Here's a Wednesday's IMGate report for a very satisfied IMGate single-criterion heathen who runs three IMGates as equal-preference MX.
But, that "very satisfied" person does not know how many false positives they are getting.
No. And yet, he finds that situation still very satisfying? Why isn't your chaotic "sky falling on his head"?
Because he has the false belief that he has no false positives. Meanwhile, all those E-mails to the sales@ account that are bouncing are people who aren't going to bother complaining, and represent a lot of lost business.
Worse, they have no idea of the cost of the false positives
If there are any false positives, and if there are any costs, please prove both.
There are false positives. I've seen log file entries for people who have sent E-mail that was bounced saying that the receiving system was an "ACL subscriber", that was traced back to IMGate. And guess what? I don't look at log files of spammers. :)
And, just a few days ago, someone E-mailed me and expected a response. My reply bounced (that's a false positive). I was very nice and then re-routed the E-mail through our Internet provider's smarthost (your suggestion!), and that bounced, too. Needless to say, he never got the free advice he was looking for.
You say that isn't a false positive because he forgot about it, or thought I never bothered to respond. I say it's a false positive because it cost me time and money, and he didn't get an E-mail that he was expecting.
(since only part of the cost of the false positives is on their end).
The rate of FP is, in practice, totally acceptable and manageable to IMGate admins and their users.
Lie.
How can someone say "My false positive ratio is acceptable" when they don't know what that ratio is? It's IMPOSSIBLE (except in one condition -- if someone is willing to accept 100% false positives, but I'm assuming that isn't the case here).
Pragmatically, if the FP sender doesn't complain...
So in my previous example, you're saying after wasting 10 minutes of time, I should waste another 10-20 minutes tracking down various contact points and trying to complain -- when everything is set up properly here (remember, we're E-mail experts here), and I'm doing them a free service? How do I know their abuse@ or postmaster@ account is whitelisted? How do I know whether or not they are rejecting mail from our smarthost? It isn't worth my time.
Remember, a false positive -- as defined by the whole anti-spam community -- is an E-mail that someone was expecting that was caught as spam ("expecting" could be a response to an E-mail, it could be posting an E-mail address on a web site that a legitimate person sends to, etc.). It isn't "an E-mail that was caught as spam and the sender complained."
, if the FP recipient doesn't complain, how important is such an FP, and its so-called cost, to either end?
It's called cutting your losses.
If someone orders software from us, and the E-mail with the order bounces, we'll push to get the mail through. But what about someone saying "How do I fix my mail client to stop sending XYZ vulnerability?" If they are so clueless that they are rejecting our mail, we're not going to bother jumping through hoops in hopes to get the E-mail there -- yet we've lost time by responding. That's wasted resources, Len.
169924 rejected (84%) <<<<<<<<<<<<<<<
But if you use the URBL test (see http://www.declude.com/junkmail/support/ip4r.htm ) you'll reject 100% of your E-mail.
Well, sh!t, we don't use the URBL test, so we don't reject 100% of our E-mail, duh. What point are you trying to make with this nonsense?
That you have to use useful numbers. You make a big point about how you reject 84% of your E-mail. But that number is meaningless. If you have a new domain that has never received spam, that means you are blocking 100% of your legitimate E-mail. If you have an old domain that is no longer used, it could mean you are blocking 84% of spam. If 84% of your incoming E-mail is spam, you could be blocking 100% of the spam and 0% of the legitimate mail -- or you could be blocking 100% of the legitimate E-mail and less than 84% of the spam. So *your* famous 84% is nonsense.
although it wouldn't surprise me if it was as high as 5% to 10%).
That's an unsubstantiated slur. Substantiate it.
I'm estimating, based on about 6 years of experience with anti-spam software, that your FP ratio is about 5% to 10%. No slurs involved -- I'm not stating that it *is*, just that I *estimate* it is.
Note that you have NEVER given an FP ratio for your servers, nor will you give an estimate other than "an acceptable level." Until you can give us numbers, your guess is as good as mine.
no high CPU content filtering, no accepting 5GB of mail.
Then why is it that Declude users tell me that by adding IMGate, they have rescued their IMail box from Declude, and vastly speeded up the user experience, and extended the useful life of their IMail hardware?
For the same reason that they would get the same benefits by moving Declude to another box. <BG>
I'm not aware of a single customer of ours with a volume under 100,000 E-mails/day who has noticeably high CPU usage (or other resources) with Declude JunkMail (except possibly in a few cases where people have added extensive content filtering of their own).
But, this isn't a case of IMGate versus Declude. It's a case of single-test vs. multiple-test, and multiple-test is GUARANTEED to have fewer false positives.
Here's a question about Declude that I'm sure a lot of people would like to hear you answer.
That really sounds like you're starting a debate of IMGate versus Declude JunkMail.
Can you explain why so many (my guess is several dozen to maybe a couple 100) Declude admins decide, usually after many months with Declude's vastly superior, highly accurate, multi-criteria approach, to add IMGate which then handles 95% of their rejects with single-criteria techniques, thereby marginalizing Delude to catching the crumbs IMGate misses?
OK, so perhaps somewhere in the order of 5% of Declude users try IMGate. So? I recommend it to many of them!
Specifically, I recommend it to people who have high volumes of mail and want one or two gateways in front of the IMail server. IMGate is cheaper than buying another copy of IMail.
I do *NOT* recommend that they use single-criteria rejects, as it causes the many problems we've been over in this thread.
The whole problem with your arguing for multi-criteria Declude as superior to single-criteria IMGate...
Please, let's not take this personally. I'm not arguing one program versus another. I'm just urging you (and lots of other people that develop/sell/whatever anti-spam software) to include weighting with IMGate. It will improve your product, will improve the Internet, and make your users happier.
Your whole "plea" is self-serving FUD.
Please, Len, stop with the insults. The plea is for developers of other anti-spam products. What could we possibly gain by improving our competition?
Please prove that IMGate has a 5% or 10% FP rate. That is, out of 50K rejects, that 2.5K or 5K rejects are really legit mail.
Len, PLEASE LEARN STATISTICS BEFORE USING THEM. THIS IS MISLEADING INFORMATION THAT YOU HAVE BEEN WARNED ABOUT BEFORE.
If you reject 50K E-mails and 2.5K are legitimate, that IS NOT a 5% FP ratio!
The false positive ratio is the number of legitimate E-mails that are caught as spam divided by the total number of legitimate E-mails that people attempt to send to your server. So if people try sending 1,000 and 100 are blocked, that's a 10% false positive ratio, whether you reject 5K E-mails or 50K E-mails.
So their judgement isn't "I'm willing to block 5% of my legitimate E-mail"
Stop with the "BS", nobody is willing or intending to block ANY legit mail.
Then why are you blocking E-mail on your ACL list, when you know it will block legitimate E-mail? If you used a weighting system, most of those legitimate E-mails would not get caught.
BFD. With the silliness, lying, misrepresentations, non-sequiturs, red herrings, straw men, and self-serving BS and FUD you've put in this thread, you will continue to hurt your credibility. And, "I'm not going to stop you."
Why are you insinuating, not substantiating, that I'm misleading anybody about anything?
Please, then, explain what you think people will think when you showed that 84% ratio. You were implying that you block 84% of spam, but that simply isn't the case. You were implying that you have a low FP ratio because very few people complain of bounced E-mail. You made up a new meaning for "False positive ratio" that is not the same as what is used in statistics or anti-spam discussions.
But you're ignoring false positives.
So what? We run IMGate, we see what happens...
That's the problem. Rather than using science to determine how effective your system is, you guess and "see what happens." In many cases, that's fine. But not when people are losing a lot of E-mail without knowing it ("I can't be losing E-mail, nobody is complaining!").
We feel no need to engage in sterile debates about FPs since FPs aren't a big problem.
You have no way of knowing how many false positives you get, what your false positive ratio is, or how much it may be costing the businesses of people that are running IMGate. "I don't think FPs are a big problem" is very different than "FPs aren't a big problem."
If IMGate FPs were the "sky falling" chaos you allege, why in the quite active IMGate list, NOBODY is whining about IMGate FP disasters?
Because they may not even know the impact of the false positives, because their leader is implying that if nobody complains, there are no false positives.
Where am I misleading people? You're making false, defamatory accusations.
I said you were misleading people, and said exactly how in this E-mail.
You are saying I'm making false accusations -- so what have I said that is false?
I contribute no more to this thread.
I bet you will. :)
I certainly don't mind you contributing to this thread, but I'm tired (as many others are) of you misleading people. I wonder how many people who are using IMGate today would not have, if you had told them up front what their FP ratio would be? I wonder if you would have a weighting system by now if you had told people from the beginning what the FP ratio would be?
I would like to see YOU explain why a significant number of Declude users feel it is worthwhile to add IMGate to their systems. I'm sure there is a LOT of interest in your response.
I wouldn't call 5% a significant number, Len. It's quite normal for even the best of products to have 5% of their customers switch to another product. But, you're overlooking the fact that many of that 5% use Declude JunkMail *and* IMGate together, for the best of both (again, IMGate can be very useful!). And, you're overlooking the fact that when people ask us whether or not they should run IMGate, we encourage them to use it (although now we will be giving them some warnings, and suggesting that they do not use it to block spam, or if they do so, only do so in a way that will result in extremely few FPs).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
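
The false positive ratio defined in the message above (legitimate mail caught divided by legitimate mail attempted), worked through as an added example that is not part of the original thread. The corpus counts, the weights, the threshold and the test names SUBSCRIBER_PTR and DNSBL are constructed assumptions; only REVDNS is a test name taken from the message.

```python
from collections import namedtuple

Msg = namedtuple("Msg", "legit hits")  # ground truth + spam tests that fired

# Hypothetical weights and reject threshold for a weighted system.
WEIGHTS = {"SUBSCRIBER_PTR": 5, "REVDNS": 4, "DNSBL": 7}
THRESHOLD = 10

def build_corpus():
    """Constructed sample: 800 spam and 200 legitimate messages."""
    rows = [  # (legit?, tests that fired, how many messages)
        (False, ("SUBSCRIBER_PTR", "DNSBL"), 500),
        (False, ("REVDNS", "DNSBL"), 200),
        (False, ("DNSBL",), 60),
        (False, (), 40),
        (True, (), 170),
        (True, ("REVDNS",), 20),
        (True, ("SUBSCRIBER_PTR",), 7),
        (True, ("SUBSCRIBER_PTR", "REVDNS"), 2),
        (True, ("REVDNS", "DNSBL"), 1),
    ]
    return [Msg(legit, hits) for legit, hits, n in rows for _ in range(n)]

def single_test_reject(msg):
    """Single-criterion policy: any one test firing rejects the message."""
    return bool(msg.hits)

def weighted_reject(msg):
    """Weighted policy: reject only when the summed weights reach the threshold."""
    return sum(WEIGHTS[t] for t in msg.hits) >= THRESHOLD

def stats(msgs, reject):
    legit_total = sum(1 for m in msgs if m.legit)
    spam_total = len(msgs) - legit_total
    rejected = [m for m in msgs if reject(m)]
    fp = sum(1 for m in rejected if m.legit)
    return {
        # Share of all mail rejected: says nothing about accuracy by itself.
        "reject_share": len(rejected) / len(msgs),
        # Legitimate mail rejected / legitimate mail attempted.
        "fp_ratio": fp / legit_total,
        # Legitimate share of the rejects: NOT the false positive ratio.
        "legit_share_of_rejects": fp / len(rejected) if rejected else 0.0,
        "spam_caught": (len(rejected) - fp) / spam_total,
    }

if __name__ == "__main__":
    corpus = build_corpus()
    for name, policy in (("single", single_test_reject),
                         ("weighted", weighted_reject)):
        row = stats(corpus, policy)
        print(name, {k: round(v, 3) for k, v in row.items()})
```

On this constructed corpus the single-criterion policy rejects 79% of all mail and under 4% of its rejects are legitimate, yet its false positive ratio is 15% because the denominator is the 200 legitimate messages, not the 790 rejects.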
