On Friday, February 25, 2005, 6:11:58 PM, David wrote:
DB Which can under certain circumstances be correct. If you had
DB signed up with the website then declude is correct in identifying
DB them as legitimate email. It is possible we could set up some
DB additional filters to help with a specific type of Spam.
Most of the time what is happening is that the IPs for these (and
often even the URI) have not been picked up by other services yet so
the total weight doesn't get pushed over the threshold. We see these
events as apparent false positives in our MDLP analysis (the red
mark at the end of the SNIFFER test is mostly new spam that only SNF
is seeing, not actually FPs)
http://www.sortmonster.com/MDLP/MDLP-Example-Long.html
An interesting test that might help is to keep track of connect
(source) IPs that are new - or relatively new. This same mechanism is
part of the requested Delay New IPs feature... but even before then,
our research suggests that a test that provides a weight based on how
new an IP source is could be quite helpful...
So, for example:
Days --- Weight
0 --- 64
1 --- 32
2 --- 16
4 --- 8
5 --- 4
6 --- 2
7 --- 1
8+--- 0
Based on a spam threshold of 100.
On many systems a Day Zero IP along with SNF would be enough to
filter the message out. After a couple of days other BLs are likely to
take over.
Just a thought ;-)
_M
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
