Re: blocked by dnsbl.sorbs.net

From: "Rich Matheisen [MVP]" <richnews@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Nov 2006 20:40:07 -0500

"Peter Lawton" <devnull@fakedomain> wrote:

That's the trade off with any spam filtering of course, if you get 1,000,000
email messages a year of which 700,000 are spam and 300,000 are legitimate
you're never going to block all 700,000 spams with 0 false positives.

While that's true, the false positive rate on a good spam filter is
way less than 1%. As he's discovering (and a lot of discovered long
ago), a RBL can have a 100% false positive ratio for a particular IP
address, and an overall false positive ratio measured in double
digits.

A good enterprise spam filter (not one customized for an individual)
will have a 2% to 5% false negative ratio. RBLs have about a 60% false
negative ratio.

You need to tune your spam filtering to suit your particular needs, if you
can't afford to block a single legitimate email message then you're probably
not going to be able to block much spam either.

There are other alternatives to simply "blocking" an e-mail. The
message can be quarantined (leaving it up to the recipient to deccide
what to do with it), or the message can be marked in some way so the
user (or the users spam filter) can deal with it.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
.

References:
- blocked by dnsbl.sorbs.net
  - From: Antonin
- Re: blocked by dnsbl.sorbs.net
  - From: Rich Matheisen [MVP]
- Re: blocked by dnsbl.sorbs.net
  - From: Antonin
- Re: blocked by dnsbl.sorbs.net
  - From: Andy David - MVP
- Re: blocked by dnsbl.sorbs.net
  - From: Peter Lawton

Prev by Date: Re: VB Script to dismount stores
Next by Date: Re: Unable to uninstall Exchange 2003 server
Previous by thread: Re: blocked by dnsbl.sorbs.net
Next by thread: Public Folder has items twice- how do i delete repeats?
Index(es):
- Date
- Thread

Relevant Pages

Re: PLUG: PMAS
... The state of the art that can be obtained with DNSbsl is> 80% with out a DHCP list, and well into the 90% in spam detection. ... more good mail probably gets lost for other reasons beyond the mail server operator or network administrators control. ... So what DNSbls are you using that generate these higher rates of false positives? ... And most of the mail servers that I have seen allow local customization of the bounce message they send to their internal network users. ...
(comp.os.vms)
Re: IMF and UceArchive folder
... could not get it to do what I needed, and decided to give the IMF a try. ... > 138 got a score of 1-3, making them almost certainly not spam. ... > potential false positives in the SCL range of 4-7." ... > It says you're a "Software Development Consultant" in your sig. ...
(microsoft.public.exchange.admin)
Re: IMF and UceArchive folder
... The IMF has been running over the weekend at a level of 5. ... checking through every piece of archived email, and have no false positives. ... Some of the spam has been given a rating of 1 or 2, ... These guys are quoting MCP magazine. ...
(microsoft.public.exchange.admin)
Re: SBS 2008 and antivirus
... I'll be installing more of these I'm ... Have you seen many false positives? ... Quarantine "Suspect" spam - the Suspect spam is part of the nightly ... Calling an illegal alien an "undocumented worker" is like calling a ...
(microsoft.public.windows.server.sbs)
Re: SBS 2008 and antivirus
... Can you recommend settings for email filtering? ... Have you seen many false positives? ... Quarantine "Suspect" spam - the Suspect spam is part of the nightly ...
(microsoft.public.windows.server.sbs)