Each month, we go through our spamtraps (E-mail addresses designed to collect spam), to find out which spam tests were most effective at catching spam. The results this month are based on over 85,000 spams that were received, all in August 2003. GOOD NEWS: For the first time in over a year, the amount of spam did NOT increase! It was almost identical to the amount of spam sent in July, 2003. The bad news, though, is that in August 2003 we received over 8 times as much spam as in August, 2002.

The following is a list of tests that we run against the E-mails arriving at the spamtraps, and what percentage of the spam they caught (it may be easier to read if you use a fixed-width font):


WEIGHT10         99.52%
WEIGHT20         96.90%
NOLEGITCONTENT   95.60%
SPAMMANAGER      93.51%
SPAMCHK          93.43%
SNIFFER          90.99%
IPNOTINMX        89.55%
XBL              78.68%
EASYNET-DNSBL    70.84%
SPAMCOP          69.14%
MAILDEFLECTOR    63.92%
DSBLALL          53.80%
DSBL             53.38%
EASYNET-PROXIES  48.97%
BADHEADERS       41.99%
BLARSBL          40.59%
REVDNS           37.62%
FIVETENSRC       37.31%
NJABLPROXIES     35.28%
FREEMAIL         32.96%
HELO             31.76%
MONKEYPROXIES    30.21%
NOPOSTMASTER     30.19%
ROUTING          24.96%
NOABUSE          24.13%
SPAMHAUS         21.83%
BLITZEDALL       20.16%
COMPU            17.93%
SPAMHEADERS      17.09%
BASE64           14.43%
IPWHOIS          13.39%
EASYNET-DYNA     12.12%
DSN              11.89%
RSL              11.77%
COMMENTS         11.13%
DELINK            8.03%
INTERSIL          7.61%
NJABLSOURCES      7.00%
FABELSOURCES      6.87%
VOX               6.45%
SPAMBAG           5.69%
FIVETENIGNORE     4.72%
NJABLDUL          3.81%
LNGSDUL           3.43%
BADWHOIS          2.92%
NJABL             2.58%
ORDB              2.24%
FIVETENOPTIN      2.05%
MAILFROM          2.01%
LNGSBLOCK         1.44%
KUNDENSERVER      1.31%
PIGS              0.87%
DNSRBL-DUN        0.80%
NONENGLISH        0.75%
DNSMAILLIST       0.54%
DSBLMULTI         0.46%
JIPPG-DUL         0.39%
KITHRUP           0.35%
DEVNULL           0.26%
FIVETENMULTI      0.12%
FIVETENOTHER      0.03%
JIPPG-DULJP       0.01%


The WEIGHT10 and WEIGHT20 tests are a weighting system that assigns a weight to each E-mail, based on the spam tests that fail, so they don't really count as spam tests by themselves (but, they show that you can catch as much as 97-99+% of spam with extremely few false positives). It is also important to note that different tests are more likely to produce false positives (such as the IPNOTINMX, XBL, REVDNS, and SPAMHEADERS tests, that all catch a lot of spam, but catch a lot of legitimate mail as well); those tests need to be used in a weighting system, so E-mail will only be marked as spam if it fails a combination of tests. The NOLEGITCONTENT and IPNOTINMX tests were designed to help identify legitimate E-mail (rather than spam), which accounts for their high percentages.


One interesting note is that last month 54% of the spam had broken headers (failing the BADHEADERS test), but only 42% did this month. That shows that spammers are getting smarter and/or using more advanced tools to send their spam. However, that means that at least 42% of the spam in August could safely be caught by the BADHEADERS test (since no RFC-compliant mail client will send out E-mail that fails the BADHEADERS test).

It seems that most of the spam tests caught less spam this month than last month. Also worth noting is that the Osirusoft tests (OSRELAY and the others) died in August, making spam detection even harder.

There are 3 spam tests that catch over 90% of the spam in our spamtraps: SPAMMANAGER ( http://www.spammanager.com ) at 93.51%, SNIFFER ( http://www.sortmonster.com ) at 90.99%, and SPAMCHK ( http://www.riedmann.it/spamchk/ ) at 93.43% (at its strictest setting; normally, a less strict setting would be used, to minimize false positives).

More information on most of the spam tests shown above can be found at http://www.declude.com/junkmail/support/ip4r.htm . You can look up an IP address using the Spam Database Lookup tool at http://www.DNSstuff.com to see what spam databases it is listed in. The most recent 20 spams in our spamtraps, and the tests they failed, can be found at http://www.declude.com/spamtrap.htm .

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
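
The weighting idea described in the message above, as an added example that is not part of the original post and is not Declude's code: each failed test contributes a weight, and a message is flagged only when the total reaches a threshold, so a false-positive-prone test cannot flag mail on its own. The weight values, the thresholds of 10 and 20 (inferred from the names WEIGHT10 and WEIGHT20), and the sample messages are all assumptions constructed for illustration.

```python
from collections import Counter

# Hypothetical weights; the post gives none. Tests it names as
# false-positive-prone (IPNOTINMX, XBL, REVDNS, SPAMHEADERS) get low weights.
WEIGHTS = {
    "SPAMCOP": 7, "BADHEADERS": 8, "XBL": 5,
    "IPNOTINMX": 3, "REVDNS": 3, "SPAMHEADERS": 3,
}
# Assumed thresholds, taken from the test names only.
THRESHOLDS = {"WEIGHT10": 10, "WEIGHT20": 20}

def score(failed):
    """Total weight of the tests a message failed (unknown tests count 0)."""
    return sum(WEIGHTS.get(test, 0) for test in failed)

def weight_tests(failed):
    """Names of the weight tests whose threshold the message reaches."""
    total = score(failed)
    return {name for name, limit in THRESHOLDS.items() if total >= limit}

def catch_rates(messages):
    """Percentage of messages failing each test, weight tests included."""
    counts = Counter()
    for failed in messages:
        counts.update(set(failed) | weight_tests(failed))
    return {t: round(100 * n / len(messages), 2) for t, n in counts.items()}

# Constructed sample data: the set of tests each message failed.
SPAM = [
    {"SPAMCOP", "XBL", "BADHEADERS", "IPNOTINMX"},            # score 23
    {"XBL", "REVDNS", "IPNOTINMX"},                           # score 11
    {"BADHEADERS", "SPAMHEADERS"},                            # score 11
    {"SPAMCOP", "XBL", "REVDNS", "IPNOTINMX", "SPAMHEADERS"}, # score 21
    {"REVDNS"},                                               # score 3, missed
]
HAM = [{"IPNOTINMX"}, {"REVDNS", "IPNOTINMX"}, {"XBL"}, set()]

if __name__ == "__main__":
    for label, corpus in (("spam", SPAM), ("legitimate", HAM)):
        print(label)
        rates = catch_rates(corpus)
        for test in sorted(rates, key=rates.get, reverse=True):
            print(f"  {test:<12} {rates[test]:6.2f}%")
```

In this constructed corpus IPNOTINMX fires on half of the legitimate mail, yet no legitimate message reaches either threshold, because no single low-weight test adds up to 10.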

