The following is a list of tests that we run against the E-mails arriving at the spamtraps, and what percentage of the spam they caught (it may be easier to read if you use a fixed-width font):
WEIGHT10 99.72% NOLEGITCONTENT 98.52% WEIGHT20 98.10% SNIFFER 96.03% IPNOTINMX 92.26% SPAMCHK 92.02% ALLIGATE 82.01% SPAMCOP 81.48% MAILDEFLECTOR 74.41% DSBLALL 61.12% DSBL 61.02% BLARSBL 52.14% CBL 43.67% NOABUSE 42.89% FIVETENSRC 42.72% BADHEADERS 40.73% SORBS-DUHL 40.71% NOPOSTMASTER 36.12% FREEMAIL 33.86% NJABLPROXIES 24.57% HELO 23.87% REVDNS 23.75% AHBL 20.79% ROUTING 20.23% SORBS-SOCKS 15.22% SPAMHAUS 15.20% SPAMHEADERS 12.92% SORBS-HTTP 12.52% SPAMMANAGER 12.08% RSL 11.09% DSN 10.74% NJABLSOURCES 10.35% IPWHOIS 9.77% SORBS-SPAM 7.94% COMMENTS 7.91% NJABLDUL 6.59% BASE64 6.57% BLITZEDALL 6.38% LNGSDUL 4.58% FABELSOURCES 4.00% FIVETENIGNORE 2.95% SPAMBAG 2.59% MAILFROM 2.25% SORBS-MISC 2.03% BADWHOIS 1.88% NJABL 1.57% INTERSIL 1.49% ORDB 1.22% JIPPG-DUL 0.83% FIVETENOPTIN 0.75% VOX 0.73% ROPE 0.63% PIGS 0.51% DNSRBL-DUN 0.43% NONENGLISH 0.39% LNGSBLOCK 0.31% KITHRUP 0.29% KUNDENSERVER 0.22% SORBS-ZOMBIE 0.18% SORBS-SMTP 0.17% DSBLMULTI 0.17% FIVETENOTHER 0.07% FIVETENMULTI 0.04% DNSMAILLIST 0.03% DEVNULL 0.03% JIPPG-DULJP 0.01%
The WEIGHT10 and WEIGHT20 tests are a weighting system that assigns a weight to each E-mail, based on the spam tests that fail, so they don't really count as spam tests by themselves (but, they show that you can catch as much as 98-99+% of spam with extremely few false positives, and without relying on a single spam test). It is also important to note that different tests are more likely to produce false positives (such as the IPNOTINMX, REVDNS, and SPAMHEADERS tests, that all catch a lot of spam, but catch a lot of legitimate mail as well); those tests need to be used in a weighting system, so E-mail will only be marked as spam if it fails a combination of tests. The NOLEGITCONTENT and IPNOTINMX tests were designed to help identify legitimate E-mail (rather than spam), which accounts for their high percentages.
It is interesting to note that at least 40% of the spam in November could safely be caught by the BADHEADERS test (since no RFC-compliant mail client will send out E-mail that fails the BADHEADERS test).
There are 2 spam tests that caught over 90% of the spam in our spamtraps: SNIFFER ( http://www.sortmonster.com ) and SPAMCHK ( www.spamchk.com ) (at its strictest setting).
More information on most of the spam tests shown above can be found at http://www.declude.com/junkmail/support/ip4r.htm . You can look up an IP address using the Spam Database Lookup tool at http://www.DNSstuff.com to see what spam databases it is listed in. The most recent 20 spams in our spamtraps, and the tests they failed, can be found at http://www.declude.com/spamtrap.htm .
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
