On Saturday, July 31, 2004, 3:32:46 PM, John wrote: JTL> (Moved to list)
JTL> Thanks, got it. JTL> This is my current lines, do I need to add others, or are the rules within JTL> these codes? (I hold at 25 and delete at 35) JTL> Is there a full list of codes on the web site? JTL> SNIFFER-TRAVEL external 047 15 0 JTL> SNIFFER-INSURANCE external 048 15 0 JTL> SNIFFER-AV-PUSH external 049 15 0 JTL> SNIFFER-WAREZ external 050 25 0 JTL> SNIFFER-SPAMWARE external 051 30 0 JTL> SNIFFER-SNAKEOIL external 052 25 0 JTL> SNIFFER-SCAMS external 053 30 0 JTL> SNIFFER-PORN external 054 30 0 JTL> SNIFFER-MALWARE external 055 20 0 JTL> SNIFFER-ADVERTISING external 056 15 0 JTL> SNIFFER-SCHEMES external 057 25 0 JTL> SNIFFER-CREDIT external 058 25 0 JTL> SNIFFER-GAMBLING external 059 25 0 JTL> SNIFFER-GREYMAIL external 060 10 0 JTL> SNIFFER-OBFUSCATION external 061 15 0 JTL> SNIFFER-EXPERIMENTAL external 062 20 0 JTL> SNIFFER-GENERAL external 063 20 0 It looks like you have it covered. There is a complete list here that we keep up to date: <http://www.sortmonster.com/MessageSniffer/Help/ResultCodesHelp.html> I note a few discrepancies. 56 you have as Advertising - ?? This has always been ink & toner and printing supplies... perhaps that's what you mean. There is no general advertising rule group - most spam is some kind of advertisement. 60 is now Experimental IP rules. The gray hosting rule group has been retired and subsequent to that the Experimental IP rules were split away from the Experimental Abstract rules. Further, the processes we use to generate Experimental IP rules have changed quite a bit so that this rule group is much less prone to false positives than before and should continue to improve. Most IP rules are now added automatically through verification with other services and our own automated tests and then verified by a human. All Experimental IP rules still fall under the "One FP Gone" strategy where we eliminate these rules from the core on the first legitimate false positive report. (Eliminated IP rules prevent the IP from being added again except by manual override.) I recommend that since your current EXPERIMENTAL weight is 20 and this group used to contain the EXP-IP rules which are now in group 60, you should rename your SNIFFER-GRAYMAIL to SNIFFER-EXP-IP and raise it's weight to 20. I recommend that you rename your SNIFFER-EXPERIMENTAL to SNIFFER-EXP-ABST. You could probably raise this group to a weight of 25 since it no longer contains the EXP-IP rules. Hope this helps, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
