RE: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-27 Thread Mark E. Smith
Rick,
I was looking at your filter -- great idea.
One question (which falls under the processing order)

If you have:
BODY STOPALLTESTS CONTAINS Content-Type: application/x-zip-compressed

I think Declude Virus will still grab this correct?

Mark


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson
 Sent: Tuesday, October 26, 2004 10:49 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Best Practices for handing
 legit email flagged as spam?

 1 in 500,000?  That's fantastic.  I think that qualifies for the
 anti-spam guru of the week award!

 heh, that is no exaggeration either, it is mainly due to
 spending a lot of time in looking at false positives and
 finding ways to prevent them. For example use filtering to
 look for legit mail, the attached filter file runs before all
 other filters, it contains things that I found in false
 positives. This file is my number one false positive
 eliminator, my second method is test the hell out of any
 significant changes first. I do have the luxury of having to
 only filter for one company and I can be fairly restrictive

 I will see if I can get my configs somewhere for download, I
 am willing to share my work because I hate spam and spammers
 so much... man do I hate them.

 Rick Davidson
 National Systems Manager
 North American Title Group
 -



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-27 Thread Bill Landry
- Original Message - 
From: Mark E. Smith [EMAIL PROTECTED]

 Rick,
 I was looking at your filter -- great idea.
 One question (which falls under the processing order)

 If you have:
 BODY STOPALLTESTS CONTAINS Content-Type: application/x-zip-compressed

 I think Declude Virus will still grab this correct?

By default, virus scanning happens before spam filtering, unless you use
AVAFTERJM in either of your Virus or JunkMail config files.

Bill



RE: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-27 Thread R. Scott Perry

 One question (which falls under the processing order)
 If you have:
 BODY STOPALLTESTS CONTAINS Content-Type: application/x-zip-compressed
 I think Declude Virus will still grab this correct?

Declude Virus runs first.  So in this case, Declude Virus would scan the
E-mail -- and Declude JunkMail would only look at it if it was deemed
virus-free by the virus scanner.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-27 Thread Rick Davidson
That is correct, declude virus processes before junkmail
I did look at quite a few zip viruses and didn't see any of them using the
Content-Type: application/x-zip-compressed in the mime info

Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: Mark E. Smith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 1:03 PM
Subject: RE: [Declude.JunkMail] Best Practices for handing legit email 
flagged as spam?


Rick,
I was looking at your filter -- great idea.
One question (which falls under the processing order)
If you have:
BODY STOPALLTESTS CONTAINS Content-Type: application/x-zip-compressed
I think Declude Virus will still grab this correct?
Mark



RE: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-27 Thread Mark E. Smith
Yeah, just checked on a few of these MIME items and the actual type isn't
defined.
For example, an Excel attachment just says application-octet-stream

-0-

Content-Type: multipart/mixed;boundary="==IMail_v8.1=="
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 27 Oct 2004 18:29:21.0419 (UTC)
FILETIME=[E09185B0:01C4BC52]

--==IMail_v8.1==
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii

--==IMail_v8.1==
Content-Type: application/octet-stream; name="2004 Technology.xls"
Content-Transfer-Encoding: base64



==


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson
 Sent: Wednesday, October 27, 2004 1:33 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Best Practices for handing
 legit email flagged as spam?

 That is correct, declude virus processes before junkmail

 I did look at quite a few zip viruses and didn't see any of them using the
 Content-Type: application/x-zip-compressed in the mime info

 Rick Davidson
 National Systems Manager
 North American Title Group

 -


Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-27 Thread Matt




That's a MIME type :) They are all over the place, and they can be
forged. Here's how MS handles it:

http://msdn.microsoft.com/library/default.asp?url=

Matt



Mark E. Smith wrote:

  Yeah, just checked on a few of these MIME items and the actual type isn't
defined.
For example, an Excel attachment just says application-octet-stream

-0-

Content-Type: multipart/mixed;boundary="==IMail_v8.1=="
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 27 Oct 2004 18:29:21.0419 (UTC)
FILETIME=[E09185B0:01C4BC52]

--==IMail_v8.1==
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii

--==IMail_v8.1==
Content-Type: application/octet-stream; name="2004 Technology.xls"
Content-Transfer-Encoding: base64



==


  
  

-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
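
Matt's point that a declared MIME type can be forged, and Mark's sample in which an Excel file arrives as application/octet-stream, can both be checked by comparing each attachment's declared Content-Type with the leading bytes of its decoded payload. This is an added example, not part of the original thread; the second attachment, its file name and all payload bytes are constructed for illustration.

```python
import base64
from email import message_from_string

# Leading "magic" bytes of the container formats named in the thread.
MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt
    (b"%PDF-", "pdf"),
]

# What the payload should look like for each declared MIME type.
# application/octet-stream is deliberately absent: it promises nothing.
EXPECTED = {
    "application/x-zip-compressed": "zip",
    "application/zip": "zip",
    "application/msword": "ole2",
    "application/vnd.ms-excel": "ole2",
    "application/vnd.ms-powerpoint": "ole2",
    "application/pdf": "pdf",
}


def sniff(data):
    """Classify a payload by its first bytes, ignoring any declared type."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def attachment_report(raw):
    """Return (name, declared type, sniffed type, verdict) per attachment."""
    rows = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()  # falls back to Content-Type name=
        if part.is_multipart() or name is None:
            continue
        declared = part.get_content_type()
        actual = sniff(part.get_payload(decode=True) or b"")
        expected = EXPECTED.get(declared)
        if expected is None:
            verdict = "generic"      # declared type says nothing checkable
        elif expected == actual:
            verdict = "consistent"
        else:
            verdict = "mismatch"     # header and content disagree
        rows.append((name, declared, actual, verdict))
    return rows


def b64(data):
    return base64.b64encode(data).decode("ascii")


# Constructed message modelled on the headers Mark posted.
SAMPLE = "\n".join([
    'Content-Type: multipart/mixed; boundary="==IMail_v8.1=="',
    "",
    "--==IMail_v8.1==",
    "Content-Type: text/plain; charset=us-ascii",
    "",
    "See attached.",
    "--==IMail_v8.1==",
    'Content-Type: application/octet-stream; name="2004 Technology.xls"',
    "Content-Transfer-Encoding: base64",
    "",
    b64(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16),
    "--==IMail_v8.1==",
    'Content-Type: application/pdf; name="statement.pdf"',
    "Content-Transfer-Encoding: base64",
    "",
    b64(b"PK\x03\x04" + b"\x00" * 16),
    "--==IMail_v8.1==--",
    "",
])

if __name__ == "__main__":
    for row in attachment_report(SAMPLE):
        print("%-22s declared=%-26s sniffed=%-5s %s" % row)
```

A filter line that matches on the Content-Type string sees only the declared column; the sniffed column is what a content scanner would act on.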




Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-26 Thread Chris Ulrich

 The reason it is called BOUNCEONLYIFYOUMUST is just that. Bounce only if you
 MUST and be aware of what you are doing.

So what do you recommend to help avoid losing false-positives while still
catching the crap?

We all know that people will get false positives.  How it is handled after
that is the trick.

Unfortunately, we have a couple of clients who are receiving email from
people that always get blocked.

And, regardless of what I say, they need those emails to get through, no
matter what.

With 1000+ domains on the server, with each having 1 to 300 accounts, to
try to come up with a way to give the client more control would be a
disaster.  The phone rings constantly enough that people forget their
password, didn't touch outlook yet all of their settings are different, etc.

What would happen if we let them start picking user defined levels within
Declude?

They'd be calling constantly - hey, I set it for medium and I'm not
getting this email from my sister. Hey, I set it for low and it still lets
spam in. Hey... You get the idea.

I don't expect there to be a right answer... what I'm looking for are best
practices - thanks for the other responses that came through - but for the
rest, I'm not expecting a right or wrong answer, just looking to open a
dialog of rules of thumb that might work well for all.

Thanks!
Chris




Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-26 Thread Chris Ulrich
1 in 500,000?  That's fantastic.  I think that qualifies for the anti-spam 
guru of the week award!

I'll investigate what you discussed and see how we can best apply the same 
strategies to what we're doing.

Thanks!

At 10:59 AM 10/25/2004, you wrote:
For reviewing held mail I use a win2003 box and outlook express, outlook
express allows easy access to the header information unlike Outlook.

Win2003 allows you to connect to the console session so you can always
leave outlook express open and running so your hold mailboxes don't get
over filled. If remote management isn't a requirement then the win2003
remote console doesn't matter...

On your filtering server, create a mailbox for each test that holds mail,
create accounts and message rules to download and sort the mail by test.

As you review the mail you can determine why a false positive occurred and
then adjust your filtering accordingly. Once you are certain a test is not
generating false positives you can safely switch it to delete mail.

My false positive rate is near 1 in 500k-700k we do about 115K messages a
day, we hold over 100K of those as spam. I am constantly readjusting for
better catch rate and fewer false positives

This is how I do it.
Rick Davidson
National Systems Manager
North American Title Group
-


Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-26 Thread Rick Davidson
1 in 500,000?  That's fantastic.  I think that qualifies for the anti-spam
guru of the week award!

heh, that is no exaggeration either, it is mainly due to spending a lot of
time in looking at false positives and finding ways to prevent them. For
example use filtering to look for legit mail, the attached filter file runs
before all other filters, it contains things that I found in false
positives. This file is my number one false positive eliminator, my second
method is test the hell out of any significant changes first. I do have the
luxury of having to only filter for one company and I can be fairly
restrictive

I will see if I can get my configs somewhere for download, I am willing to
share my work because I hate spam and spammers so much... man do I hate
them.

Rick Davidson
National Systems Manager
North American Title Group
- 
# Anti Anti-Spam
#
# This file is used to identify things in messages that don't
# normally appear in spam to stop filtering processes.
#
TESTSFAILED END CONTAINS SENDERDB
TESTSFAILED END CONTAINS ORDB
TESTSFAILED END CONTAINS KUNDEN
BODY 	 STOPALLTESTS CONTAINS .csv
BODY 	 STOPALLTESTS CONTAINS .doc
BODY 	 STOPALLTESTS CONTAINS .EDS
BODY 	 STOPALLTESTS CONTAINS .PDF
HEADERS  STOPALLTESTS CONTAINS .PDF
BODY 	 STOPALLTESTS CONTAINS .dtx
BODY 	 STOPALLTESTS CONTAINS .dwg
BODY 	 STOPALLTESTS CONTAINS .GMD
BODY 	 STOPALLTESTS CONTAINS .LSD
BODY 	 STOPALLTESTS CONTAINS .MRF
BODY 	 STOPALLTESTS CONTAINS .rtf
BODY 	 STOPALLTESTS CONTAINS .TIF
BODY 	 STOPALLTESTS CONTAINS .UP
BODY	 STOPALLTESTS CONTAINS Content-Type: application/applefile
BODY	 STOPALLTESTS CONTAINS Content-Type: application/mol
BODY	 STOPALLTESTS CONTAINS Content-Type: application/msword
BODY	 STOPALLTESTS CONTAINS Content-Type: application/octet-stream;
BODY	 STOPALLTESTS CONTAINS Content-Type: application/pdf
BODY	 STOPALLTESTS CONTAINS Content-Type: application/rtf
ANYWHERE STOPALLTESTS CONTAINS Content-Type: image/tiff
BODY 	 STOPALLTESTS CONTAINS Content-Type: application/vnd.ms-excel
BODY 	 STOPALLTESTS CONTAINS Content-Type: application/vnd.ms-powerpoint
BODY 	 STOPALLTESTS CONTAINS Content-Type: application/x-zip-compressed
BODY 	 STOPALLTESTS CONTAINS X-MS-Attachment:
#
SUBJECT	 STOPALLTESTS CONTAINS [Declude
SUBJECT  STOPALLTESTS CONTAINS [Imail
SUBJECT  STOPALLTESTS CONTAINS [ciblist
SUBJECT  STOPALLTESTS CONTAINS Closing Docu
SUBJECT  STOPALLTESTS CONTAINS Commence sync data
SUBJECT  STOPALLTESTS CONTAINS Documents For
BODY 	 STOPALLTESTS CONTAINS digitaldocs
BODY 	 STOPALLTESTS CONTAINS E-TICKET 
BODY 	 STOPALLTESTS CONTAINS Note: forwarded message attached
BODY 	 STOPALLTESTS CONTAINS Orbitz Travel Document
BODY 	 STOPALLTESTS CONTAINS marriott.com/property
BODY 	 STOPALLTESTS CONTAINS marriott.com/reservation
BODY 	 STOPALLTESTS CONTAINS Your files are attached and ready to send with this message
#
HEADERS  STOPALLTESTS CONTAINS CareerBuilder.com
MAILFROM STOPALLTESTS CONTAINS @Dell.com
MAILFROM STOPALLTESTS CONTAINS @LENNAR.COM
MAILFROM STOPALLTESTS CONTAINS @UAMC.COM
BODY 	 STOPALLTESTS CONTAINS www.natreach.com
HEADERS  STOPALLTESTS CONTAINS KODAK EasyShare
HEADERS  STOPALLTESTS CONTAINS reacheach1.com
#
# Pseudo whitelist
#
ANYWHERE STOPALLTESTS CONTAINS smtp.expedia.com
ANYWHERE STOPALLTESTS CONTAINS @aa.globalnotifications.com
ANYWHERE STOPALLTESTS CONTAINS datascope.com.ph
ANYWHERE STOPALLTESTS CONTAINS DeltaElectronicTicketReceipt
HEADERS STOPALLTESTS CONTAINS .homes.com
BODY STOPALLTESTS CONTAINS isellfortcollins.biz
BODY STOPALLTESTS CONTAINS Travelocity Reservation
ANYWHERE STOPALLTESTS CONTAINS .united.com
ANYWHERE STOPALLTESTS CONTAINS .us.dell.com
ALLRECIPS STOPALLTESTS CONTAINS @iwon.com
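
Rick's second method, testing significant changes first, can be applied to the allow file itself: replay a labelled set of held messages through the rules and list every message marked as spam that a STOPALLTESTS line would exempt. This is an added example, not Rick's tooling or Declude's engine; it assumes first-match-wins evaluation, case-insensitive substring matching, and that END only leaves this file while STOPALLTESTS skips all later tests, and the sample messages are constructed.

```python
import re

# Five rules copied from the filter file above, in their original order.
RULES_TEXT = """\
TESTSFAILED END CONTAINS SENDERDB
BODY STOPALLTESTS CONTAINS Content-Type: application/x-zip-compressed
SUBJECT STOPALLTESTS CONTAINS [Declude
MAILFROM STOPALLTESTS CONTAINS @Dell.com
ANYWHERE STOPALLTESTS CONTAINS .united.com
"""

RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s+CONTAINS\s+(.*\S)\s*$")


def parse_rules(text):
    """Return (line number, location, action, needle) for each rule line."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("line %d: expected LOCATION ACTION CONTAINS text"
                             % lineno)
        rules.append((lineno, m.group(1).upper(), m.group(2).upper(),
                      m.group(3)))
    return rules


def searched_text(location, msg):
    # Assumption: ANYWHERE covers headers and body; every other location
    # keyword maps to the same-named field of the message dict.
    if location == "ANYWHERE":
        return msg.get("headers", "") + "\n" + msg.get("body", "")
    return msg.get(location.lower(), "")


def first_hit(rules, msg):
    """Return the first rule whose needle occurs in its location, or None."""
    for rule in rules:
        _, location, _, needle = rule
        if needle.lower() in searched_text(location, msg).lower():
            return rule
    return None


def exempted_spam(rules, corpus):
    """List (message id, rule line, needle) for spam that skips all tests."""
    flagged = []
    for msg in corpus:
        hit = first_hit(rules, msg)
        if hit and hit[2] == "STOPALLTESTS" and msg["label"] == "spam":
            flagged.append((msg["id"], hit[0], hit[3]))
    return flagged


ZIP_PART = ('--b1\nContent-Type: application/x-zip-compressed; '
            'name="photos.zip"\n')

# Constructed review corpus: messages already labelled by a human reviewer.
CORPUS = [
    {"id": "ham-list", "label": "ham",
     "subject": "[Declude.JunkMail] hold queue",
     "mailfrom": "admin@example.org", "body": "How do you review held mail?"},
    {"id": "spam-zip", "label": "spam", "subject": "your photos",
     "mailfrom": "x@example.net", "body": ZIP_PART},
    {"id": "spam-listed", "label": "spam", "subject": "your photos",
     "mailfrom": "x@example.net", "body": ZIP_PART,
     "testsfailed": "SENDERDB"},
    {"id": "spam-plain", "label": "spam", "subject": "hello",
     "mailfrom": "y@example.net", "body": "plain text only"},
]

if __name__ == "__main__":
    for msg_id, lineno, needle in exempted_spam(parse_rules(RULES_TEXT),
                                                CORPUS):
        print("%s exempted by rule line %d (%s)" % (msg_id, lineno, needle))
```

The third sample shows why the TESTSFAILED lines sit at the top of the file: a message that already failed SENDERDB leaves the file before any allow rule is reached.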




Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-25 Thread Bonno Bloksma
Hi,

 Hi all.  We've been struggling a bit with this issue.  We have a variety of
 tests in place, and basically have just changed our settings to:

 WEIGHT10 WARN
 WEIGHT20 BOUNCEONLYIFYOUMUST
 WEIGHT40 DELETE

 The hope is that it will bounce some of the false positives back to the
 senders so we don't get complaints from people that they are not receiving
 their emails

Too bad, but no go. If you have the standard weights in place, the chance
you are becoming a spammer yourself is about 80%. That's the spam hitrate
for the weight20 test minus the nonforged headers. About 90% of all spam has
a forged header, the remaining being from advertising senders having a
bounce mechanism. So you are sending a lot of spam to innocent victims whose
e-mail address has been used as a from address. Also, have a look at your
postmaster account, it should fill up nicely with bounces to forged addresses
that do not exist.

The reason it is called BOUNCEONLYIFYOUMUST is just that. Bounce only if you
MUST and be aware of what you are doing.

Greetings,

Bonno Bloksma




Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-25 Thread Rick Davidson
For reviewing held mail I use a win2003 box and outlook express, outlook
express allows easy access to the header information unlike Outlook.

Win2003 allows you to connect to the console session so you can always leave
outlook express open and running so your hold mailboxes don't get over
filled. If remote management isn't a requirement then the win2003 remote
console doesn't matter...

On your filtering server, create a mailbox for each test that holds mail,
create accounts and message rules to download and sort the mail by test.

As you review the mail you can determine why a false positive occurred and
then adjust your filtering accordingly. Once you are certain a test is not
generating false positives you can safely switch it to delete mail.

My false positive rate is near 1 in 500k-700k we do about 115K messages a
day, we hold over 100K of those as spam. I am constantly readjusting for
better catch rate and fewer false positives

This is how I do it.
Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: Chris Ulrich [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 25, 2004 10:37 AM
Subject: [Declude.JunkMail] Best Practices for handing legit email flagged 
as spam?


Hi all.  We've been struggling a bit with this issue.  We have a variety 
of tests in place, and basically have just changed our settings to:

WEIGHT10 WARN
WEIGHT20 BOUNCEONLYIFYOUMUST
WEIGHT40 DELETE
The hope is that it will bounce some of the false positives back to the 
senders so we don't get complaints from people that they are not receiving 
their emails (which previously were getting deleted) and that if it is so 
offending (it hits 40) that we delete it.

I know there is a HOLD option where we could review it, but:
1.  How time consuming is it to go in and review these messages?  Do you 
waste a lot of time doing it?

2.  How exactly do you review these and, if it looks legit, flag it as OK 
to go?  Are there any tools where you can basically browse through the 
subjects, senders, etc., like you would with Eudora or Outlook?  Or do you 
have to manually look at each?

Any thoughts would be appreciated!
Thanks
Chris


Re: [Declude.JunkMail] Best Practices for handing legit email flagged as spam?

2004-10-25 Thread Darin Cox
We're working on an independent version of SpamReview that has more
information and adjustment capabilities built in, but there are two
existing freeware products on the Declude Utilities page: SpamReview being a
desktop app, and another one (sorry forgot the name) being web based.

We review the hold queue several times a day, adjusting for false positives,
and have a spam reporting address to adjust for false negatives.  We figure
it takes us about an hour/10k messages/day for the review and tweaking
process.  We are considering moving to a bulk folder mentality, with
automated processes for users to report messages as spam or not spam.

Depending on your willingness to spend the time, I would recommend manual
reviews instead of bulk folders until you're satisfied with your filtering
level and confident in your adjustment processes.

Darin.


- Original Message - 
From: Chris Ulrich [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 25, 2004 10:37 AM
Subject: [Declude.JunkMail] Best Practices for handing legit email flagged
as spam?


Hi all.  We've been struggling a bit with this issue.  We have a variety of
tests in place, and basically have just changed our settings to:

WEIGHT10 WARN
WEIGHT20 BOUNCEONLYIFYOUMUST
WEIGHT40 DELETE

The hope is that it will bounce some of the false positives back to the
senders so we don't get complaints from people that they are not receiving
their emails (which previously were getting deleted) and that if it is so
offending (it hits 40) that we delete it.

I know there is a HOLD option where we could review it, but:

1.  How time consuming is it to go in and review these messages?  Do you
waste a lot of time doing it?

2.  How exactly do you review these and, if it looks legit, flag it as OK
to go?  Are there any tools where you can basically browse through the
subjects, senders, etc., like you would with Eudora or Outlook?  Or do you
have to manually look at each?

Any thoughts would be appreciated!

Thanks

Chris

