On Thu, Jun 12, 2003 at 08:00:58PM +0200, Santiago Vila wrote: > I agree every developer should be able to be on this variable by > request, but if we were able to block 50% or 60% of spam by a very > simple method and with very very few false positives, it would be > stupid not to estimate how many false positives there would really be > and we will never know whether or not there will be many, few or no > false positives until we try it in warn mode. I question your statistics. As some of you may know, I'm involved in the upstream development of SpamAssassin. We have tested various RBLs and I agree that lists.dsbl.org is one of the best RBLs out there. sbl.spamhaus.org is not a great RBL. This is an excerpt from our test results. (S/O = spam/overall, rank and score are relatively meaningless) OVERALL% SPAM% HAM% S/O RANK SCORE NAME 92163 48993 43170 0.532 0.00 0.00 (all messages) 100.000 53.1591 46.8409 0.532 0.00 0.00 (all messages as %) 20.883 39.2668 0.0185 1.000 0.98 2.23 RCVD_IN_DSBL 6.917 12.6937 0.3614 0.972 0.87 0.56 RCVD_IN_SBL What this means: lists.dsbl.org hits roughly 39% of spam at the expense of 0.019% of ham sbl.spamhaus.org hits 13% of spam at the expense of 0.36% ham Using both would likely hit about 45% of spam at the expense of 0.4% of ham. Not 50-60%... and not with "very very few false positives". And in case you're wondering about the accuracy of the data... I can assure you that it's quite good. (Using only recent mail, carefully classified, etc) I am not averse to using lists.dsbl.org on Debian machines providing there's an easy way to opt out. However, using sbl.spamhaus.org is not a good idea. I still don't think Debian should enforce a filtering policy on developers e-mail address. It should really be done on an individual basis. -- Duncan Findlay
Attachment:
pgp7HEF8LOVjs.pgp
Description: PGP signature