Re: [Asrg] "Uncaught spam" research project

Martijn Grooten <martijn.grooten@virusbtn.com> Tue, 04 May 2010 12:07 UTC


Aaron Wolfe wrote:
> In my experience, you will find more variation in performance between
> a properly configured / maintained spam filter and a system left at
> defaults and forgotten about than you will find between different
> vendors.  Filters will use a variety of tactics to detect spam but
> most are common and unless a vendor has implemented them incorrectly
> they should perform identically.  For instance RBLs, smtp syntax
> checks, dns checks, IP connection characteristics are all going to be
> common. There is variation in how the results of these things are
> used, but this is often configurable and needs to be tweaked for a
> particular type of site for best performance anyway.
>
> Are you planning to compare these systems in their default
> configurations?  If so your results may be more an indicator of which
> vendor's defaults work best for your system than anything else.

The setup is part of a comparative anti-spam test I'm running and products have been set up by their developers to run ideally in that context. I've been running these tests for some time and before I started running them I was a bit worried that all products would catch the same spam. However, while products easily catch 98% of (spam trap) spam, it's not always the same spam that is caught: 10-15% of spam is missed by at least one filter; hardly any message isn't blocked by at least one filter. This is one of my motivations for wanting to do this project.

Martijn.

