Scott,

Thanks for the tip about not using "RBL" to refer to generic real-time blackhole lists. I had no clue that MAPS went so far as to trademark it. Why is it o.k. to constantly refer to unsolicited commercial e-mail as spam then though? :-)

BTW, it was ME who "claimed" to have no false positives. Specifically, I claimed to have no false positives during the entire month that I tested the configuration and manually (yes, manually) sorted through every single X-IMAIL tagged e-mail from all of our domains to determine if there was ANY legitimate e-mail being caught by three or more blacklists. There were none. I only started sending e-mails with 3+ matches to NUL after a month-long trial that proved successful. I still monitor all of my domains for tagged messages that generate only 1 or 2 matches by blacklists.

If I lowered my threshold to two blacklist matches prior to deletion, my false-positive ratio would be much closer to 1% than I would like, and 1% is far too high for my comfort. Still, I guarantee you that ISPs such as AOL would reject every single one of the very few false positives I see with two blacklist matches. I am currently seeing about a .2-.4% false-positive ratio when using only two blacklists, and I know that because I look at the full headers of every single e-mail that has 1-2 blacklist matches. These are being passed on to their recipients, but I am still checking copies of them for the purpose of tracking false-positive ratios, and which lists are performing the best. It is incredibly time consuming, especially at first, but I have a very small group of very dedicated hosting customers that pay me a premium for doing this. I AM a Bayesian filter! :-)

I am not claiming to know what my false positive ratio is for three matches now, as they are going to NUL, but based upon my extensive prior testing and continued monitoring of 1-2 matches, there is absolutely no reason to believe that the filtering characteristics are in any need of changing, nor have deviated from the numbers they were before.
Even if one of the blacklists pulled an Osirus-like stunt by blacklisting the world, my filtering (with deletion after two matches) would still be far less aggressive than that of AOL or other major ISPs, and it wouldn't take me very long to determine if something like that was going on anyway.

Again, I believe that blacklists are effective and safe if used after extensive research, proven field testing, and constant monitoring of what messages are getting tagged with a lower threshold of matches. Quite frankly, if blacklists did not work, there would not be so many of them, and they would not be nearly as popular. They are just one way of combating spam, and are only a piece of the puzzle.

False-positives are my #1 concern (by far) when it comes to spam filtering. I am extremely conservative when it comes to deleting e-mail messages, and would not do so unless I were 100% comfortable with my test results prior to actual implementation of deletion policies.

William Van Hefner
System Administrator
TheDigest.Com/TelCompare.Com

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
> Sent: Friday, September 05, 2003 4:55 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [IMail Forum] Teaching the bayes engine with RBL mails
>
> >Assuming that some of you can use this too: Using the RBL-Tagged messages to
> >train the bayes engine.
>
> FYI, I've seen several people using "RBL" incorrectly -- it should *only*
> be used to refer to the MAPS RBL. It is a trademark, and MAPS doesn't
> allow it to be used to refer to non-MAPS spam databases. You can use
> "DNSBL" or "ip4r" or a similar term instead.
>
> >all mails tagged as DNSBL positive (only!) are forwarded to a separate
> >mailbox using the following rules.ima:
>
> I hate to say it, but this is flawed. The problem is that any false
> positives you receive (note that someone else just claimed to have 0 false
> positives, but he actually doesn't know what his false positive ratio is!)
> will then get added to the bayes engine, which will then reduce the
> effectiveness of the bayes engine.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
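The threshold testing discussed in this thread can be tabulated from a manual review log, as in this added example (not code from either poster, IMail or Declude). The zone names, the sample log and the ratio definition (legitimate tagged mail divided by all mail tagged at that threshold) are assumptions made for illustration.

```python
from collections import Counter

# Constructed review log: (placeholder DNSBL zones that listed the sender, manual verdict).
REVIEWED = [
    ({"bl-a", "bl-b", "bl-c"}, "spam"),
    ({"bl-a", "bl-b", "bl-c", "bl-d"}, "spam"),
    ({"bl-a", "bl-c", "bl-d"}, "spam"),
    ({"bl-a", "bl-b"}, "spam"),
    ({"bl-b", "bl-d"}, "legit"),
    ({"bl-a", "bl-d"}, "spam"),
    ({"bl-d"}, "legit"),
    ({"bl-a"}, "spam"),
    ({"bl-d"}, "legit"),
    (set(), "legit"),
    (set(), "legit"),
    ({"bl-b"}, "spam"),
]

def threshold_report(reviewed, max_threshold=3):
    """Per threshold k: messages with >= k matches and the legitimate ones among them."""
    report = {}
    for k in range(1, max_threshold + 1):
        caught = [verdict for zones, verdict in reviewed if len(zones) >= k]
        false_pos = caught.count("legit")
        # Assumption: ratio = legitimate tagged mail / all mail tagged at this threshold.
        ratio = false_pos / len(caught) if caught else 0.0
        report[k] = {"caught": len(caught), "false_positives": false_pos, "fp_ratio": ratio}
    return report

def per_list_false_positives(reviewed):
    """Per zone: (legitimate messages it listed, all messages it listed)."""
    hits, fps = Counter(), Counter()
    for zones, verdict in reviewed:
        for zone in zones:
            hits[zone] += 1
            fps[zone] += verdict == "legit"
    return {zone: (fps[zone], hits[zone]) for zone in sorted(hits)}

def lowest_safe_threshold(report, max_fp_ratio=0.0):
    """Lowest k that caught mail with an observed ratio within budget, else None."""
    for k in sorted(report):
        if report[k]["caught"] and report[k]["fp_ratio"] <= max_fp_ratio:
            return k
    return None

if __name__ == "__main__":
    report = threshold_report(REVIEWED)
    for k, row in report.items():
        print(k, row)
    print("per list:", per_list_false_positives(REVIEWED))
    print("delete at:", lowest_safe_threshold(report))
```

The per-list tally also shows which messages would be unsafe to feed to a Bayesian trainer as spam: anything listed only by a zone with a non-zero false-positive count.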
