Educause Security Discussion mailing list archives

Re: Barracuda Spam Filter


From: Graham Toal <gtoal () UTPA EDU>
Date: Mon, 25 Jul 2005 14:12:00 -0500

CAROLE CARMODY wrote:

Why do you say that it is safe to assume that I misspoke and that I
meant to say that it is rejecting 90% of inbound mail as spam?  That is
not what I said nor what I intended to say. The Director of
Telecommunications at the College has said that (after looking at the
logs) he believes that of the spam that arrives at the College through
the e-mail system, only about 10% of all spam gets through as a result
of using the Barracuda.  Why is catching 90% of the spam pointless?  If
we don't catch 100% of the spam is this solution failing?



I wasn't the one that said it, but I'll answer because I agree with the
sentiment:

90% was good when you got 10 spams a day, and one slipped through.  However,
many of us who use email addresses which have been exposed on the net since
the early days are *deluged* by spam - I personally receive about 2000 per
day on my gtoal () gtoal com home address - and 10% of that would be ... more
than I am willing to accept.  Modern Bayesian spam filters are accurate in
the high 9's, and most of the research and internecine warfare ;-) in the
anti-spam community is about whether one guy's 99.3% with .001% false
positive is better or worse than someone else's 99.9% with .002% false
positives!

Generally the split goes like this: some vendors refuse to get on board with
the Bayesian bandwagon, and stick to their 2-yr old software which is no
longer adequate in the internet-time arms race that is spam vs antispam.
They justify their low 90% recognition rates usually by a FUD campaign
claiming that they have no false positives.  Aside from the fact that the
claims are somewhat dubious, plus that good Bayesian filters also have
vanishingly low false positive rates now, what we're really looking at here
is that there is a trade-off to be made between recognition rate and false
positive rate, regardless of the technology, but that some people have zero
tolerance for false positives.

I personally do not see many false positives, but even if I did I would live
with a few (say .001%?) for the benefit of having a >99.9% recognition rate.

By the way, I keep *all* my mail, ever (since about 1976) and the last few
years are filtered into separate ham and spam files.  I use them as a
regression test and to test new algorithms, and very occasionally I find a
mail which was mis-categorized.  I've had about 5 mails marked as bad that
were good in the last year that I know of, out of about 50 good emails per
day and 1000-2000 spams per day.  (My home system doesn't grey list because
I want the spam for my anti-spam software research :-) - otherwise it would
be down to about 10 spams per day now)

Anyway, nothing wrong with 90% and a very low FP rate, as long as your
absolute spam rate stays low.

Graham
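
The trade-off described in the message, as an added example that is not part of the original post: a threshold sweep over a labelled ham/spam corpus picks the operating point with the best recognition rate inside a false-positive budget, then converts it to absolute daily counts at the 10 and 2000 spams/day volumes mentioned above. The scores, thresholds and function names are constructed for illustration.

```python
# Added illustration: scores and labels are constructed, not real mail.
from dataclasses import dataclass

# Spam scores (0-100) from a hypothetical filter over a labelled corpus
SPAM_SCORES = [97, 95, 94, 92, 90, 88, 85, 81, 72, 40]
HAM_SCORES = [2, 3, 5, 8, 10, 12, 15, 20, 45, 75]

@dataclass
class OperatingPoint:
    threshold: int
    spam_total: int
    spam_caught: int
    ham_total: int
    ham_flagged: int

    @property
    def recognition_rate(self):
        return self.spam_caught / self.spam_total

    @property
    def false_positive_rate(self):
        return self.ham_flagged / self.ham_total

def evaluate(threshold, spam=SPAM_SCORES, ham=HAM_SCORES):
    """Mail scoring >= threshold is marked as spam."""
    return OperatingPoint(threshold, len(spam), sum(s >= threshold for s in spam),
                          len(ham), sum(s >= threshold for s in ham))

def best_under_fp_budget(thresholds, max_fp_rate):
    """Highest recognition rate among thresholds whose FP rate fits the budget."""
    ok = [p for p in map(evaluate, thresholds) if p.false_positive_rate <= max_fp_rate]
    return max(ok, key=lambda p: p.recognition_rate) if ok else None

def daily_impact(point, spam_per_day, ham_per_day):
    """Return (spam reaching the inbox per day, good mail lost per day)."""
    missed = point.spam_total - point.spam_caught
    return (spam_per_day * missed / point.spam_total,
            ham_per_day * point.ham_flagged / point.ham_total)

if __name__ == "__main__":
    for budget in (0.0, 0.1):
        p = best_under_fp_budget([90, 80, 50, 30], budget)
        print(f"FP budget {budget:.0%}: threshold {p.threshold}, "
              f"recognition {p.recognition_rate:.0%}, FP {p.false_positive_rate:.0%}")
        for volume in (10, 2000):  # the two spam volumes from the message
            leaked, lost = daily_impact(p, volume, 50)
            print(f"  {volume} spam/day -> {leaked:.0f} reach the inbox; "
                  f"{lost:.0f} of 50 good mails lost")
```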
