Hi Matt, Well, statistics are a tricky thing. When you had posted on the Sniffer or Declude lists over the weekend that I should provide more specific numbers, I had no yet understood how you calculated your "percent of SPAM". The key is always how one defines 100%. Now that I read your post on the Sniffer list, I realize what number you are looking for. You call it "percent of SPAM", I call it "percent of HELD messages" (which, in reality, is only a subset of all Spam.) Total Messages Processed: 13,077 Messages That Failed ANY Test(s): 11,323 (86.59%) Total Messages DELETE, HOLD, BOUNCE, ROUTETO: 7,737 (59.16%) Average Message Weight: 22.00 (Hold weight is 10) Note: Before anyone jumps down my throat for the low "hold" ratio, we simply whitelist a lot of internal mail based on SMTP AUTH and based on clients' static IPs. Of those 7,737 spam messages: INV-URIBL...........7,737.......59.16% IPNOTINMX...........7,620.......58.27% SNIFFER.............7,396.......56.56% -> or 95% of the messages that were "held" (which, matches your "capture" rate of 95 - 96% exactly!) Note: As stated in my original post, I ran additional reports to break out the unique hits by SURBL vs. Sniffer, vs. the combined hits. From that I concluded that SURBL is NOT an irrelevant subset of Sniffer - but rather there is about an 80 - 90% overlap. On both ends there are messages that one flags - but not the other. Thus my previous statement that by using both together I'm able to "tag" about 10 - 20% more messages than what each one individually would have tagged (tapping into the 40.84% of non-held messages). NOLEGITCONTENT......7,215.......55.17% SPAMCOP.............4,611.......35.26% XBL-DYNA............4,228.......32.33% SORBS...............4,221.......32.28% DSBLSINGLE..........3,686.......28.19% REVDNS..............2,967.......22.69% WEIGHTFILTER........2,841.......21.73% SORBS-DUHL..........2,436.......18.63% HELOBOGUS...........2,277.......17.41% SENDERDB-BLOCK......2,095.......16.02% SPAMROUTING.........1,977.......15.12% NJABLDYNA...........1,958.......14.97% DYNAMIC-IP..........1,486.......11.36% SPAMHEADERS.........1,442.......11.03% AHBL................1,424.......10.89% BLITZEDALL..........1,359.......10.39% NJABLPROXIES........1,342.......10.26% BCC4................1,313.......10.04% SORBS-WEB...........1,026........7.85% BCC6..................927........7.09% BADHEADERS............926........7.08% AHBLPROXIES...........923........7.06% SBL...................918........7.02% SPAMDOMAINS...........834........6.38% SURBL-FROM............798........6.10% OPEN-RELAY............733........5.61% SORBS-HTTP............704........5.38% SNIFFER-PORN..........698........5.34% BCC8..................668........5.11% SORBS-SOCKS...........625........4.78% AHBLSOURCES...........491........3.75% RHSBL.................377........2.88% AHBLDOMAINS...........293........2.24% SPFFAIL...............276........2.11% SPFPASS...............235........1.80% BASE64................187........1.43% MAILFROM..............182........1.39% NJABLDUL..............179........1.37% SENDERDB-SUSP.........145........1.11% SNIFFER-SCAMS.........111........0.85% FORMMAIL...............85........0.65% NJABLSOURCES...........71........0.54% SORBS-BADCONF..........55........0.42% COMMENTS...............41........0.31% SORBS-MISC.............41........0.31% SNIFFER-MALWARE........38........0.29% MULTI-RELAY............33........0.25% DSBLMULTI..............33........0.25% WEB-O-TRUST............26........0.20% SORBS-ZOMBIE...........23........0.18% SORBS-SMTP.............23........0.18% MAILPOLICE-PORN........22........0.17% SNIFFER-OBFUSC.........15........0.11% ORDB...................10........0.08% RDNSBL..................5........0.04% NJABLRELAYS.............5........0.04% HIL.....................4........0.03%
Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 10, 2005 11:35 AM To: sniffer@SortMonster.com Subject: Re: [sniffer] Still having problems I just wanted to add some stats that I thought might be of some use here. I gathered info on my block rates over the past three days and compared my Sniffer hits to them. There has been no measurable change to my system with an average of 96% of spam getting tagged by Sniffer. I'm at least not seeing any issues. FRIDAY ====================== Blocked: 89.45% of Total Message Volume Sniffer: 85.74% of Total Message Volume --------------------------------- Sniffer Capture Rate on Spam: 95.85% SATURDAY ====================== Blocked: 96.57% of Total Message Volume Sniffer: 92.55% of Total Message Volume --------------------------------- Sniffer Capture Rate on Spam: 95.84% SUNDAY ====================== Blocked: 96.19% of Total Message Volume Sniffer: 92.60% of Total Message Volume --------------------------------- Sniffer Capture Rate on Spam: 96.26% The way that I generated these stats was to assume that my "Hold" weight in Declude was an accurate approximate delineation between ham and spam. Then the total for the Sniffer tests was added together and divided by the block rate in order to calculate the "Sniffer Capture Rate on Spam". Hope this helps. Matt
<<attachment: winmail.dat>>
