[SURBL-Discuss] quick poll on SURBL hit %
Matt Egan (hotmail)
mattegan_public at hotmail.com
Thu Jan 6 05:37:50 CET 2005
----- Original Message -----
From: "Matt Egan (hotmail)" <mattegan_public at hotmail.com>
To: "SURBL Discussion list" <discuss at lists.surbl.org>
Sent: Wednesday, January 05, 2005 6:36 PM
Subject: Re: [SURBL-Discuss] quick poll on SURBL hit %
[...]
Just more info, on the frontend I block clients listed on sbl-xbl.spamhaus
and combined.njabl. I also greylist unknown hostname and generic looking
hostnames '(dsl|cable|dialup)". The use of the RBL is probably note unique
but the greylisting of certain clients might be something that not many
others do which might explain some of the differences in our numbers. (it is
very effective)
Also i left out the mail totals:
Totals:
-------
42209 : Mails
thereof
79 : INFECTED (1 tenth of 1 percent)
1121 : SPAM Blocked (2.6 %)
297 : SPAM Tagged (7 tenths of 1 percent)
40712 : clean
Average Score
SPAM Blocked: 16.05
SPAM Tagged : 5.78
In this same time period
Client host rejected: Greylisted... Try back after 357 seconds. (top 10
of total: 4839)
(I don't know how many retried my guess is 75% of these never came
back).
171 attbi.com
107 comcast.net
98 ameritech.net
93 pacbell.net
81 charter.com
78 swbell.net
75 dsl-verizon.net
49 mindspring.com
45 verizon.net
39 rr.com
blocked using sbl-xbl.spamhaus.org (top 10 of total: 4648)
198 comcast.net
113 rr.com
88 ameritech.net
79 charter.com
79 villner.com
74 pacbell.net
73 dsl-verizon.net
71 attbi.com
63 ohthatsfunny.com
63 swbell.net
blocked using combined.njabl.org (top 10 of total: 917)
92 comcast.net
57 rr.com
51 attbi.com
35 bellsouth.net
33 t-dialin.net
31 swbell.net
22 ameritech.net
16 rima-tde.net
15 adelphia.net
13 auna.net
[...]
> Ranking of Tests in Blocked Spam: ( 1121 Blocked )
> -------------------------------------------------- (top 30 of 715 rules
> triggered)
> % 76.8 861 : HTML_MESSAGE
> % 52.3 586 : MIME_HTML_ONLY
> % 41.7 467 : URIBL_SBL
> % 25.2 282 : URIBL_WS_SURBL
> % 23.0 258 : MPART_ALT_DIFF
> % 21.4 240 : URIBL_OB_SURBL
> % 17.8 199 : RATWARE_ZERO_TZ
> % 17.7 198 : HTML_90_100
> % 17.6 197 : URIBL_JP_SURBL
> % 16.8 188 : DRUGS_ERECTILE
> % 16.1 180 : MIME_BASE64_TEXT
> % 16.1 180 : SARE_MULT_RATW_02
> % 14.8 166 : MSGID_FROM_MTA_ID
> % 14.0 157 : MIME_BOUND_DD_DIGITS
> % 13.2 148 : MIME_HTML_ONLY_MULTI
> % 12.8 143 : AWL
> % 12.3 138 : HTML_40_50
> % 12.0 135 : BIZ_TLD
> % 12.0 134 : URIBL_SC_SURBL
> % 11.6 130 : HTML_30_40
> % 10.8 121 : HTML_FONT_BIG
> % 10.2 114 : DRUGS_ERECTILE_OBFU
> % 10.2 114 : X_MESSAGE_INFO
> % 10.1 113 : DRUGS_PAIN
> % 9.8 110 : LONGWORDS
> % 9.3 104 : BAYES_99
> % 9.2 103 : RCVD_BY_IP
> % 8.8 99 : HTML_TEXT_AFTER_BODY
> % 8.7 98 : MIME_QP_LONG_LINE
> % 8.4 94 : HTML_IMAGE_RATIO_02
>
>
> Ranking of Tests in Tagged Spam: ( 297 Tagged )
> ----------------------------------------------- (top 30 of 322 rules
> triggered)
> % 65.3 194 : HTML_MESSAGE
> % 37.0 110 : MIME_HTML_ONLY
> % 36.7 109 : URIBL_SBL
> % 25.6 76 : AWL
> % 25.3 75 : HTML_90_100
> % 15.5 46 : HTML_TEXT_AFTER_BODY
> % 15.2 45 : HTML_IMAGE_RATIO_02
> % 13.8 41 : HTML_TEXT_AFTER_HTML
> % 12.5 37 : MSGID_FROM_MTA_ID
> % 11.8 35 : HTML_FONT_BIG
> % 9.8 29 : HTML_80_90
> % 8.8 26 : TO_ADDRESS_EQ_REAL
> % 7.7 23 : MIME_QP_LONG_LINE
> % 7.4 22 : BAYES_50
> % 7.4 22 : MPART_ALT_DIFF
> % 7.1 21 : URIBL_WS_SURBL
> % 6.4 19 : HTML_TAG_EXIST_TBODY
> % 6.1 18 : HTML_IMAGE_ONLY_16
> % 5.1 15 : HTML_IMAGE_ONLY_20
> % 5.1 15 : FORGED_RCVD_HELO
> % 4.7 14 : NO_REAL_NAME
> % 4.4 13 : HTML_IMAGE_ONLY_12
> % 4.4 13 : SARE_HTML_HTML_AFTER
> % 4.4 13 : HELO_DYNAMIC_IPADDR2
> % 4.0 12 : MIME_HTML_MOSTLY
> % 4.0 12 : RCVD_NUMERIC_HELO
> % 3.7 11 : DOMAIN_RATIO
> % 3.7 11 : DATE_IN_FUTURE_12_24
> % 3.4 10 : HTML_MIME_NO_HTML_TAG
> % 3.4 10 : MIME_BASE64_TEXT
>
>
> -Matt
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list