[Mimedefang] DNS Lookups in MD - Was RBL and DNS lookups

Cormack, Ken Ken.Cormack at roadway.com
Tue May 15 11:31:06 EDT 2007


> I do score many at these numbers as HIGH as 9, in fact.  You can see the 
> rules and scoring at 
> http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf

> I do not recommend using SA scores to block email.  SPAM is in the eye of 
> the beholder and 10 is too low IMO.

If you're scoring your rules with values of 5-9, then yeah, a threshold of
10 would be "too low".  However, if like most rules, you score more
conservatively, in the range of 0.1 to maybe 3.0, then a threshold of 10
suddenly becomes a much more realistic threshold for rejections or at least
quarantining.  You're implementing a few high-scoring rules to guarantee
such hits get above an artifically-high threshold.  Lower the scores, and
you can lower your threshold.  That makes it far more likely that other
rulesets will at least have some chance to helping to control spam.

If you had 1000 rules that all scored at 1, and your threshold was 1000, all
1000 rules would have to hit, to reach the threshold.  If the average number
of rules that hit per-message was 10, and you create a super-rule that
scores 980, then yeah, it's more likely you'll exceed your threshold, thanks
to your super-rule.

But if you drop your rules down to 1, lower your threshold to 10, and your
rule does not happen to "hit" on a particular message, then at least there's
a chance that 10 of the other thousand rules will hit their mark, and you'll
be able to reach the threshold without requiring those non-super-rule hits
in order to reach the threshold.

By unnecessarily raising the threshold, and creating super-rules to then hit
that mark, you render the stock rulesets far less successful at flagging
spam.  It would seem pointless to run any of the stock rulesets, if they
don't stand a chance at scoring at-or-above the high threshold, without help
from the super-rules.

Am I wrong in thinking this?

Ken



More information about the MIMEDefang mailing list