Hi Arlo, > -----Original Message----- > From: Arlo Gilbert [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 22, 2003 8:48 AM > To: Larry Gilson > Cc: [EMAIL PROTECTED] > Subject: Re: [SAtalk] dcc returns letters not numbers. docs > say to limit # 's > > > Thanks Larry, > > I do understand that 99999 is what the documentation says, but > thank you for clearing up the headers vs config for me.
No, not 99999 (100K), 999999 (1M) > I am a bit concerned though, the docs make reference to setting the > number very high, but they give us no indication or real > understanding of the dcc tests. > > I understand that they are a message checksum count system, but if > a message has been seen even say... 1000 times, isnt that a good > indicator that it may be bulk if not unsolicited? And herein lies the problem. Since the clients are autoresponding, messages sent 1000 times is an indication of bulkiness. SA provides an indication of spaminess - really defined by the threshold provided by the administrator. My understanding, which could be wrong, is that the higher the count then the higher the probability that the message can be spam. But this implication is inferred when providing a score for it. DCC will not even stretch that far. The DCC doc: count is the total number of recipients of messages with that check-sum reported directly or indirectly to the DCC server. The special count "MANY" means that DCC client have claimed that the message is directed at millions of recipients. "MANY" im-ples the message definitely bulk, but not necessarily unso-licited. The special counts "OK" and "OK2" mean the checksum has been marked "good" or "half-good" by DCC servers. The first paragraph of the DCC doc: "The Distributed Checksum Clearinghouse or DCC is a cooperative, distributed system intended to detect "bulk" mail or mail sent to many people. It allows individuals receiving a single mail message to determine that many other people have received essentially identical copies of the message and so reject or discard the message. It can identify some unsolicited bulk mail using "spam traps" and other detectors, but that is not its focus." > Does anybody have an in depth understanding of the dcc tests? > are they even worth using if we apparently have no faith in them? > And is a 99999 a little late? Sure if 100k people have seen it we > can likely consider it spam, but why 100k? why not less? Well again 1M, not 100K. The above doc snip specifically states that the focus is not on unsolicited bulk (spam) detection. So you really have to know how you want to treate an indication of bulk message. Whether it is treated as an indication of spam or not is entirely up to the administrator with the understanding that the scoring flavored like any other test (local, net, with bayes, with bayes+net). --Larry ------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk