Each month, we go through our spamtraps (E-mail addresses designed to collect spam) to find out which spam tests were most effective at catching spam. The results this month are based on over 160,000 spams that were received, all in October 2003. This represents more than a 48% increase in spam over last month. In October 2003 we received over 12 times as much spam as in October 2002. Although several important spam tests were recently forced to close by spammers, our stats show that spam can still be caught effectively.

The following is a list of tests that we run against the E-mails arriving at the spamtraps, and what percentage of the spam they caught (it may be easier to read if you use a fixed-width font):


WEIGHT10         99.65%
WEIGHT20         97.62%
NOLEGITCONTENT   96.68%
SPAMCHK          95.80%
SPAMMANAGER      95.61%
SNIFFER          94.92%
IPNOTINMX        91.40%
SPAMCOP          79.73%
MAILDEFLECTOR    68.21%
DSBLALL          52.03%
DSBL             51.30%
BADHEADERS       48.42%
EASYNET-DNSBL    45.67%
BLARSBL          45.16%
EASYNET-DYNA     44.44%
FIVETENSRC       39.53%
NOABUSE          39.28%
FREEMAIL         34.71%
NOPOSTMASTER     34.19%
EASYNET-PROXIES  28.62%
HELO             28.11%
REVDNS           27.96%
NJABLPROXIES     24.24%
ROUTING          21.96%
RSL              16.04%
SPAMHAUS         16.02%
IPWHOIS          13.06%
BASE64           12.86%
BLITZEDALL       12.45%
SPAMHEADERS      12.16%
COMMENTS          9.23%
NJABLSOURCES      8.33%
DSN               7.24%
NJABLDUL          4.88%
LNGSDUL           4.49%
FIVETENIGNORE     3.89%
MAILFROM          3.65%
FABELSOURCES      3.63%
SPAMBAG           3.11%
INTERSIL          3.10%
VOX               2.41%
NJABL             2.32%
BADWHOIS          1.93%
FIVETENOPTIN      1.87%
ORDB              1.76%
KUNDENSERVER      1.22%
PIGS              0.84%
JIPPG-DUL         0.66%
COMPU             0.57%
DNSRBL-DUN        0.55%
DSBLMULTI         0.48%
LNGSBLOCK         0.41%
KITHRUP           0.32%
DNSMAILLIST       0.26%
DEVNULL           0.07%
FIVETENMULTI      0.06%
FIVETENOTHER      0.01%
DNSRBL-SPAM       0.01%
JIPPG-DULJP       0.01%
FIVETENWEBFORM    0.01%


The WEIGHT10 and WEIGHT20 tests are a weighting system that assigns a weight to each E-mail, based on the spam tests that fail, so they don't really count as spam tests by themselves (but they show that you can catch as much as 97-99+% of spam with extremely few false positives). It is also important to note that different tests are more likely to produce false positives (such as the IPNOTINMX, REVDNS, and SPAMHEADERS tests, which all catch a lot of spam, but catch a lot of legitimate mail as well); those tests need to be used in a weighting system, so E-mail will only be marked as spam if it fails a combination of tests. The NOLEGITCONTENT and IPNOTINMX tests were designed to help identify legitimate E-mail (rather than spam), which accounts for their high percentages.


It is interesting to note that at least 48% of the spam in September could safely be caught by the BADHEADERS test (since no RFC-compliant mail client will send out E-mail that fails the BADHEADERS test).

There are 3 spam tests that catch over 90% of the spam in our spamtraps: SNIFFER ( http://www.sortmonster.com ), SPAMMANAGER ( http://www.spammanager.com ), and SPAMCHK ( http://www.riedmann.it/spamchk/ ) (at its strictest setting; normally, a less strict setting would be used, to minimize false positives).

More information on most of the spam tests shown above can be found at http://www.declude.com/junkmail/support/ip4r.htm . You can look up an IP address using the Spam Database Lookup tool at http://www.DNSstuff.com to see what spam databases it is listed in. The most recent 20 spams in our spamtraps, and the tests they failed, can be found at http://www.declude.com/spamtrap.htm .

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
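
The weighting approach described in the message above, as an added example that is not part of the original post and is not Declude's configuration or scoring code. The per-test weights, the thresholds of 10 and 20 (assumed from the names WEIGHT10 and WEIGHT20), and the sample messages are constructed assumptions; only the test names come from the post.

```python
# Assumed weights: points a message collects for each test it fails.
# Tests the post calls false-positive prone get low weights on purpose.
WEIGHTS = {
    "SNIFFER": 8, "SPAMCOP": 7, "BADHEADERS": 8, "DSBL": 6,
    "IPNOTINMX": 2, "REVDNS": 3, "SPAMHEADERS": 3, "HELO": 3,
}
THRESHOLDS = {"WEIGHT10": 10, "WEIGHT20": 20}  # assumed cut-offs

def score(failed):
    """Total weight of the tests a message failed."""
    return sum(WEIGHTS.get(test, 0) for test in failed)

def weight_tests(failed):
    """Names of the weight tests whose threshold the message reaches."""
    total = score(failed)
    return {name for name, limit in THRESHOLDS.items() if total >= limit}

# Constructed sample: (is_spam, tests the message failed).
CORPUS = [
    (True,  {"SNIFFER", "SPAMCOP", "BADHEADERS", "IPNOTINMX"}),  # 25
    (True,  {"SNIFFER", "REVDNS", "IPNOTINMX"}),                 # 13
    (True,  {"DSBL", "SPAMHEADERS", "HELO"}),                    # 12
    (True,  {"REVDNS"}),                                         # 3
    (False, {"REVDNS", "IPNOTINMX"}),                            # 5
    (False, {"SPAMHEADERS"}),                                    # 3
    (False, {"IPNOTINMX"}),                                      # 2
    (False, set()),                                              # 0
]

def rates(test):
    """(share of spam flagged, share of legitimate mail flagged) by one test."""
    def flagged(failed):
        return test in failed or test in weight_tests(failed)
    spam = [failed for is_spam, failed in CORPUS if is_spam]
    legit = [failed for is_spam, failed in CORPUS if not is_spam]
    return (sum(map(flagged, spam)) / len(spam),
            sum(map(flagged, legit)) / len(legit))

if __name__ == "__main__":
    for name in ("IPNOTINMX", "REVDNS", "WEIGHT10", "WEIGHT20"):
        caught, false_pos = rates(name)
        print(f"{name:<10} spam caught {caught:6.1%}  legit flagged {false_pos:6.1%}")
```

On this sample, IPNOTINMX or REVDNS used alone flags legitimate mail, while the weight thresholds flag only messages that fail a combination of tests.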

