axb-fraud high DNSWL_MED spam hits

[da...@chaosreigns.com]

One of the dnswl folks just noticed the percentage of spam hitting
RCVD_IN_DNSWL_MED recently went way up, and I see 17.7% of axb-fraud's spam
is hitting it.  Axb, could you check your trusted_networks?

( http://ruleqa.spamassassin.org/20121117/RCVD_IN_DNSWL_MED/detail )


Hmm, the ranks of RBL related rules seem to have dropped substantially.
The highest ranked RCVD_IN is currently 0.88, RCVD_IN_SBL.  And the old
-net ruleqa output is all overwritten by just llanga's corpora, probably
due to the time he's running masscheck and our bad handling of it
( https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6753 ), so I
can't verify that RCVD_IN_SBL was the highest ranked rule not long ago,
back to June.

-- 
"It is the first responsibility of every citizen to question authority."
- Benjamin Franklin
http://www.ChaosReigns.com

RCVD_IN_SBL lowered rank Re: axb-fraud high DNSWL_MED spam hits

[da...@chaosreigns.com]

On 11/18, darxus@chaosreigns.com wrote:
> Hmm, the ranks of RBL related rules seem to have dropped substantially.
> The highest ranked RCVD_IN is currently 0.88, RCVD_IN_SBL.  And the old
> -net ruleqa output is all overwritten by just llanga's corpora, probably
> due to the time he's running masscheck and our bad handling of it
> ( https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6753 ), so I
> can't verify that RCVD_IN_SBL was the highest ranked rule not long ago,
> back to June.

http://ruleqa.spamassassin.org/20121117-r1410711-n/RCVD_IN_SBL/detail

I have the highest ham hit rate for this rule.  I just went through my 29
hams hitting it, and verified they're all ham.  18 notifications from
livejournal.com, and 11 notifications from diyelectriccar.com.  

-- 
"I offer the modest proposal that our Universe is simply one of those
things which happen from time to time."
- Is the Universe a Vacuum Fluctuation?
http://www.ChaosReigns.com

Re: axb-fraud high DNSWL_MED spam hits

[da...@chaosreigns.com]

On 11/18, Axb wrote:
> On 11/18/2012 06:30 PM, darxus@chaosreigns.com wrote:
> >One of the dnswl folks just noticed the percentage of spam hitting
> >RCVD_IN_DNSWL_MED recently went way up, and I see 17.7% of axb-fraud's spam
> >is hitting it.  Axb, could you check your trusted_networks?
> >
> >( http://ruleqa.spamassassin.org/20121117/RCVD_IN_DNSWL_MED/detail )
> 
> The DNSWL spam feed is not being used for --net weekly masschecks.
> 
> I don't have trusted networks entries.
> Impossible to mantain for feeds coming from all over the place.
> 
> Seem a huge amount of spam comes from abused legit servers which
> DNSWL may have rated "MED".
> 
> If my --net massschecks are a problem I'll gladly disable those and
> spare the huge logs upload

Yeah, I think providing data on RBL type tests where trusted_networks is
known to be wrong seems really bad.

-- 
"Wash daily from nose-tip to tail-tip; drink deeply, but never too deep;
And remember the night is for hunting, and forget not the day is for sleep."
- The Law of the Jungle, Rudyard Kipling
http://www.ChaosReigns.com

Re: axb-fraud high DNSWL_MED spam hits

[Axb <ax...@gmail.com>]

On 11/18/2012 06:30 PM, darxus@chaosreigns.com wrote:
> One of the dnswl folks just noticed the percentage of spam hitting
> RCVD_IN_DNSWL_MED recently went way up, and I see 17.7% of axb-fraud's spam
> is hitting it.  Axb, could you check your trusted_networks?
>
> ( http://ruleqa.spamassassin.org/20121117/RCVD_IN_DNSWL_MED/detail )

The DNSWL spam feed is not being used for --net weekly masschecks.

I don't have trusted networks entries.
Impossible to mantain for feeds coming from all over the place.

Seem a huge amount of spam comes from abused legit servers which DNSWL 
may have rated "MED".

If my --net massschecks are a problem I'll gladly disable those and 
spare the huge logs upload