Educause Security Discussion mailing list archives

Re: Barracuda Spam Filter


From: CAROLE CARMODY <Carole_Carmody () BLOOMFIELD EDU>
Date: Mon, 25 Jul 2005 15:16:26 -0400

My apologies to participants on the list.  I will not respond again.

-----Original Message-----
From: Graham Toal [mailto:gtoal () UTPA EDU] 
Sent: Monday, July 25, 2005 3:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Barracuda Spam Filter

CAROLE CARMODY wrote:

Why do you say that it is safe to assume that I misspoke and that I
meant to say that it is rejecting 90% of inbound mail as spam?  That is
not what I said nor what I intended to say. The Director of
Telecommunications at the College has said that (after looking at the
logs) he believes that of the spam that arrives at the College through
the e-mail system, only about 10% of all spam gets through as a result
of using the Barracuda.  Why is catching 90% of the spam pointless?  If
we don't catch 100% of the spam is this solution failing?
 


I wasn't the one that said it, but I'll answer because I agree with
the sentiment:

90% was good when you got 10 spams a day, and one slipped through.
However, many of us who use email addresses which have been exposed on
the net since the early days are *deluged* by spam - I personally
receive about 2000 per day on my gtoal () gtoal com home address - and
10% of that would be ... more than I am willing to accept.  Modern
Bayesian spam filters are accurate in the high 9's, and most of the
research and internecine warfare ;-) in the anti-spam community is
about whether one guy's 99.3% with .001% false positive is better or
worse than someone else's 99.9% with .002% false positives!

Generally the split goes like this: some vendors refuse to get on board
with the Bayesian bandwagon, and stick to their 2-yr old software which
is no longer adequate in the internet-time arms race that is spam vs
antispam.  They justify their low 90% recognition rates usually by a
FUD campaign claiming that they have no false positives.  Aside from
the fact that the claims are somewhat dubious, plus that good Bayesian
filters also have vanishingly low false positive rates now, what we're
really looking at here is that there is a trade-off to be made between
recognition rate and false positive rate, regardless of the technology,
but that some people have zero tolerance for false positives.

I personally do not see many false positives, but even if I did I would
live with a few (say .001%?) for the benefit of having a >99.9%
recognition rate.

By the way, I keep *all* my mail, ever (since about 1976) and the last
few years are filtered into separate ham and spam files.  I use them as
a regression test and to test new algorithms, and very occasionally I
find a mail which was mis-categorized.  I've had about 5 mails marked
as bad that were good in the last year that I know of, out of about 50
good emails per day and 1000-2000 spams per day.  (My home system
doesn't grey list because I want the spam for my anti-spam software
research :-) - otherwise it would be down to about 10 spams per day
now)

Anyway, nothing wrong with 90% and a very low FP rate, as long as your
absolute spam rate stays low.

Graham
