Message
From: qqqq [mailto:qqqq (AT) usermail (DOT) com]
Sent: Monday, May 08, 2006 14:07
To: users (AT) spamassassin (DOT) apache.org
Subject: Latest sa-stats from last week
Email: 561313 Autolearn: 0 AvgScore: 6.77
AvgScanTime: 2.41 sec
Spam: 209359 Autolearn: 0 AvgScore: 16.99
AvgScanTime: 2.30 sec
Ham: 351954 Autolearn: 0 AvgScore: 0.70
AvgScanTime: 2.48 sec
Time Spent Running SA: 376.39 hours
Time Spent Processing Spam: 133.76 hours
Time Spent Processing Ham: 242.62 hours
TP SPAM RULES FIRED
RANK RULE NAME **** %FRULES
%FMAIL %FSPAM %FHAM
1 URIBL_BLACK 163397 7.09
29.11 78.05 0.50
Nice.
How does that Queen song go? We are ;)

| TP SPAM RULES FIRED
|
| RANK RULE NAME **** %FRULES
| %FMAIL %FSPAM %FHAM
|
| 1 URIBL_BLACK 163397 7.09
| 29.11 78.05 0.50
|
| Nice.
|
| How does that Queen song go? We are ;)
LL! Congrats!
QQQQ

Dallas Engelken wrote:
>Message
>From: qqqq [mailto:qqqq (AT) usermail (DOT) com]
>Sent: Monday, May 08, 2006 14:07
>To: users (AT) spamassassin (DOT) apache.org
>Subject: Latest sa-stats from last week
>>
>Email: 561313 Autolearn: 0 AvgScore: 6.77
>AvgScanTime: 2.41 sec
>Spam: 209359 Autolearn: 0 AvgScore: 16.99
>AvgScanTime: 2.30 sec
>Ham: 351954 Autolearn: 0 AvgScore: 0.70
>AvgScanTime: 2.48 sec
>>
>Time Spent Running SA: 376.39 hours
>Time Spent Processing Spam: 133.76 hours
>Time Spent Processing Ham: 242.62 hours
>>
>TP SPAM RULES FIRED
>
>RANK RULE NAME **** %FRULES
>%FMAIL %FSPAM %FHAM
>
>1 URIBL_BLACK 163397 7.09
>29.11 78.05 0.50

Nice.

How does that Queen song go? We are ;)

I would be proud of those numbers Dallas However, I'd also take them as a
warning of areas needing improvement.

URIBL has the highest spam hit rate, but you nonspam hit-rate is more than 5
times that of JP, your closest competitor in the world of uridnsbl's.

1 URIBL_BLACK 163397 7.09 29.11 78.05 0.50
5 URIBL_JP_SURBL 118251 5.13 21.07 56.48 0.09

Given that your spam hit rate is 1.5 times that of JP, compared to the 5 times
higher nonspam rate, it suggests JP is doing a whole lot better in the accuracy
department.

(note: I do realize this can be biased by overall FNs in SA. Some of those 0.50
might be SA FN's. That said, such FNs would likely also affect other URIBLs.)

This isn't to say that URIBL_BLACK isn't useful, or that you guys aren't doing a
good job. However, this is good evidence you guys are doing great, but you do
still have some areas that could use improvement.

(Although clearly you're doing better than RAZR2_CHECK, and
RAZR2_CF_RANGE_51_100, which are completely sucking in terms of accuracy on
this test)

Theo Van Dinter wrote:
Mon, May 08, 2006 at 03:57:05PM -0400, Theo Van Dinter wrote:
>For more information, here's the results of last week's net mass-check run
>(net results should be "live"):

, I meant to add in Razor results since someone mentioned them as well:

MSECS SPAM% HAM% S/ RANK SCRE NAME
0 181939 52229 0.777 0.00 0.00 (all messages)
0.00000 77.6959 22.3041 0.777 0.00 0.00 (all messages as %)
22.377 28.8009 0.0000 1.000 1.00 0.00 URIBL_SC_SURBL
26.604 34.2378 0.0134 1.000 1.00 0.00 URIBL_WS_SURBL
28.358 36.4925 0.0211 0.999 1.00 0.00 RAZR2_CF_RANGE_E8_51_100
24.854 31.9854 0.0115 1.000 1.00 0.00 URIBL_JP_SURBL
12.423 15.9889 0.0000 1.000 0.98 0.00 URIBL_AB_SURBL
23.278 29.9463 0.0479 0.998 0.96 0.00 URIBLB_SURBL
15.377 19.7803 0.0383 0.998 0.95 0.00 URIBL_SBL
42.188 54.2671 0.1091 0.998 0.94 0.00 RAZR2_CF_RANGE_51_100
26.620 34.2367 0.0881 0.997 0.94 0.00 RAZR2_CF_RANGE_E4_51_100
43.678 56.1512 0.2298 0.996 0.87 0.00 RAZR2_CHECK
29.707 38.1606 0.2585 0.993 0.85 0.00 URIBL_BLACK
0.236 0.3028 0.0038 0.988 0.67 0.00 URIBL_PH_SURBL
0.020 0.0264 0.0000 1.000 0.50 0.00 URIBL_RED
0.515 0.4353 0.7946 0.354 0.45 0.00 URIBL_GREY

Interesting, my Razor stats show a MUCH higher false positive rate, so
much so that I had to lower the scores dramatically.

Spam Ham
1 RAZR2_CHECK 9744 6.79 33.40 82.84 8.18
2 RAZR2_CF_RANGE_51_100 9303 6.48 31.89 79.09 7.37
6 RAZR2_CF_RANGE_E8_51_100 5597 3.90 19.18 47.59 0.52
8 RAZR2_CF_RANGE_E4_51_100 5111 3.56 17.52 43.45 6.86

Seems to hit PDF attachments really hard and I guess a lot of our
business clients send a lot of PDF's back and forth.

Rick

From: "Dallas Engelken" <dallase (AT) uribl (DOT) com>
>Message
>From: qqqq [mailto:qqqq (AT) usermail (DOT) com]
>Sent: Monday, May 08, 2006 14:07
>To: users (AT) spamassassin (DOT) apache.org
>Subject: Latest sa-stats from last week
>
>Email: 561313 Autolearn: 0 AvgScore: 6.77
>AvgScanTime: 2.41 sec
>Spam: 209359 Autolearn: 0 AvgScore: 16.99
>AvgScanTime: 2.30 sec
>Ham: 351954 Autolearn: 0 AvgScore: 0.70
>AvgScanTime: 2.48 sec
>
>Time Spent Running SA: 376.39 hours
>Time Spent Processing Spam: 133.76 hours
>Time Spent Processing Ham: 242.62 hours
>
>TP SPAM RULES FIRED
>
>RANK RULE NAME **** %FRULES
>%FMAIL %FSPAM %FHAM
>
>1 URIBL_BLACK 163397 7.09
>29.11 78.05 0.50

Nice.

How does that Queen song go? We are ;)

Somewhat smaller sample but
TP SPAM RULES FIRED

RANK RULE NAME **** %FRULES %FMAIL %FSPAM %FHAM

1 BAYES_99 4089 4.86 27.59 91.37 0.09
2 URIBL_BLACKB 2578 3.06 17.40 57.61 0.07
3 RCVD_IN_XBL 2574 3.06 17.37 57.52 0.00
4 HTML_MESSAGE 2571 3.05 17.35 57.45 5.92
5 URIBL_JP_SURBL 2147 2.55 14.49 47.98 0.03
6 URIBLB_SURBL 1980 2.35 13.36 44.25 0.08
7 URIBL_SBL 1917 2.28 12.94 42.84 0.10
8 URIBL_SC_SURBL 1874 2.23 12.65 41.88 0.03
9 URIBL_WS_SURBL 1712 2.03 11.55 38.26 0.03
10 JD_TEARTHLINK 1710 2.03 11.54 38.21 1.70
11 RCVD_IN_BL_SPAMCP_NET 1477 1.75 9.97 33.01 4.61
12 JD_HI_BAYES 1396 1.66 9.42 31.20 0.04
13 JD_VHI_BAYES 1364 1.62 9.20 30.48 0.02
14 URIBL_AB_SURBL 1329 1.58 8.97 29.70 0.03
15 JD_MY_NAME 1264 1.50 8.53 28.25 1.64
16 LW_MULT_RECIP3 1244 1.48 8.39 27.80 1.76
17 RCVD_IN_DSBL 1012 1.20 6.83 22.61 0.00
18 LW_MULT_RECIP5 983 1.17 6.63 21.97 0.02
19 RCVD_NUMERIC_HEL 965 1.15 6.51 21.56 0.64
20 FH_RELAY_NDNS 936 1.11 6.32 20.92 0.50

TP HAM RULES FIRED

RANK RULE NAME **** %FRULES %FMAIL %FSPAM %FHAM

1 BAYES_00 7781 14.71 52.50 0.04 75.22
2 JD_LKML_RELAY 5534 10.46 37.34 1.52 53.49
3 JD_LBAYES 4179 7.90 28.20 0.02 40.40
4 JD_VLBAYES 4043 7.64 27.28 0.02 39.08
5 SPF_HELPASS 2538 4.80 17.13 2.73 24.53
6 SPF_PASS 2468 4.67 16.65 2.32 23.86
7 JD_LBAYES_LKML 2359 4.46 15.92 0.00 22.80
8 JD_VLBAYES_LKML 2267 4.29 15.30 0.00 21.91
9 JD_PATCH_SUBJ 1698 3.21 11.46 0.00 16.41
10 BAYES_50 1472 2.78 9.93 1.77 14.23
11 NT_TME 1175 2.22 7.93 13.83 11.36
12 RCVD_BY_IP 1168 2.21 7.88 8.83 11.29
13 SARE_MSGID_LNG40 842 1.59 5.68 0.09 8.14
14 RATWR10a_MESSID 805 1.52 5.43 3.80 7.78
15 FM_3PLUS_NDNS 773 1.46 5.22 6.59 7.47
16 HTML_MESSAGE 612 1.16 4.13 57.45 5.92
17 USER_IN_WHITELIST 603 1.14 4.07 0.11 5.83
18 JD_MANGY_MRTGAGES 548 1.04 3.70 8.31 5.30
19 UHS_BCW 528 1.00 3.56 0.11 5.10
20 RCVD_IN_BL_SPAMCP_NET 477 0.90 3.22 33.01 4.61

Now THAT is stomping, Kemo Sabe, with special depleted uranium bullets, too.

7,000 emails or so through my mail box, no false alarms. No spam scored
under 6.8 and only 3 were under 8. Now THAT's cookin'. (In particular
<climbs onto my hobby horseI note that BAYES_99 did not misfire NCE
on ham that was marked as spam for me.)

{^_-}

Hello all,

Really strange about this. A message was marked as spam with
URIBL_SBL Contains an URL listed in the SBL blocklist
* [URIs: mcleishorlando.com]

Checked at

it says it is not listed there.

I even went through
http://www.dnsstuff.com
spam database lookup. It is not listed on any of them.

Not really sure. Can someone help?

Thank you for your help in advance.

Irina

The messages contains a URL pointing to

that's why it was blocked, just like the message tells you.
-Sietse

From: Irina [mailto:irina (AT) nas (DOT) net]
Sent: Fri 19-May-06 16:19
To: users (AT) spamassassin (DOT) apache.org
Subject: A domain blocked but not listed on any RBL or SURBL

Hello all,

Really strange about this. A message was marked as spam with
URIBL_SBL Contains an URL listed in the SBL blocklist
* [URIs: mcleishorlando.com]

Checked at

it says it is not listed there.

I even went through
http://www.dnsstuff.com <http://www.dnsstuff.com/
spam database lookup. It is not listed on any of them.

Not really sure. Can someone help?

Thank you for your help in advance.

Irina

Irina wrote:
Hello all,

Really strange about this. A message was marked as spam with
URIBL_SBL Contains an URL listed in the SBL blocklist
* [URIs: mcleishorlando.com]

Checked at

it says it is not listed there.

I even went through
http://www.dnsstuff.com
spam database lookup. It is not listed on any of them.

Not really sure. Can someone help?

Look up the NS record for the domain, it's the nameserver that's listed
in SBL.