[Mimedefang] Fw: [Sare-users] Spam with numbers in subj and body

[Kevin A. McGrail]

> That __KAM_NUMBER2 test is identical to: "body NAME /\d/", or
> it matches every mail that contains a number in the body. Now I'm
> obviously in the wrong domain to perform a good test on that, but
> just as an example I took the archives of this mailinglist as far
> as I had it online, and I found 7881 matching messages out of
> 8860 (89%), while in some pseudo-random sampling of spam I have
> here, it's 4678 messages out of 5112 (91.5%).

__ marks rules that are partial rules.  Therefore, you are taking it out of context by running it in a standalone capacity.

I'm aware that it marks any email that has digits in the body.  My plan is to change it to {3,6} because my theory is that the number emails all have numbers greater than 3.  If you or others have input on this fact, I'd like it to hear it.  However, I have received very few of these emails though I have definitely tracked their passing on numerous servers.  

Rules are a gradual process for me.  I build rules, refine, test and then move then eventually if I feel it has mass-desire, I move it into the SA rulesrc sandbox for further testing and promotion on the SA Nightly Mass Checks.  But, taking a partial rule and claiming it has False Positives and using it against me is bad evidence.  If you can point out a false positive/negative caused by the rule as a whole, I'm open to suggestions and comments, but I really feel quite attacked over what was trying to be a helpful.

In the meantime, I'll submit the rule to the SA sandbox for masschecks on it earlier than I would have with 1,6 and we'll see what the SA corpus response is like for FPs.  The committed revision was 412731.

Sincerely,

KAM