[SURBL-Discuss] SURBL works well on envelope sender

Daniel Quinlan quinlan at pathname.com
Mon Jun 7 20:22:22 CEST 2004


Here's a test on my last 4 days of ham and spam.  The T_DNS_FROM* rules
are using the envelope sender (that is, the MAIL FROM added by my MTA to
the message headers).  They have a reasonably good hit rate (6.43% of
spam hit one of tested SURBL zones) and a 0% FP rate in this test.  Only
7 out of 103 of those did not hit one of the URIBL rules, but they did
do it with zero FPs (I get FPs mostly because people discuss spam
domains in some of the ham tested here.  That's another issue, though.)

Maybe it would be worthwhile factoring this into future development.
That is, also list known spammer envelope senders domains, maybe get
SpamCop to provide lists for that too, I suspect there's some overlap in
the other direction as well.

OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME
   2598     1602      996    0.617   0.00    0.00  (all messages)
100.000  61.6628  38.3372    0.617   0.00    0.00  (all messages as %)
  3.580   5.8052   0.0000    1.000   1.00    0.01  T_DNS_FROM_SURBL_WS
  0.885   1.4357   0.0000    1.000   0.67    0.01  T_DNS_FROM_SURBL_SC
  9.161  14.5443   0.5020    0.967   0.56    1.00  URIBL_BE_SURBL
 36.066  57.5531   1.5060    0.974   0.44    1.00  URIBL_WS_SURBL
  0.423   0.6866   0.0000    1.000   0.33    0.01  T_DNS_FROM_SURBL_BE
 29.908  47.5655   1.5060    0.969   0.11    1.00  URIBL_SC_SURBL

How's the multi roll-out going?  It would definitely be handy for this
test (the code to support it already exists).

Daniel

-- 
Daniel Quinlan
http://www.pathname.com/~quinlan/


More information about the Discuss mailing list