Educause Security Discussion mailing list archives

Re: Extremely High Spam Statistics

From: Brady McClenon <mcclenbw () ONEONTA EDU>
Date: Tue, 13 Feb 2007 15:03:07 -0500

As I read this thread it seems like we are comparing apples and oranges
of sorts.  Since probably no two anti-spam implementations are the same,
even if using the same product, I don't think anyone can say what
percentage anyone should see.  Especially since different solutions even
keep the statistics differently.  For Example, our Barracuda counts each
connection attempt from an IP address on a DNSBL as 1 blocked spam
message.  I've seen some products that do not count them at all.  Also,
some places choose to perform DNSBL lookup after accepting the message.
So if that one connection contained 10 messages it's counted as 10
pieces of spam instead of just one.

The key to spam filter is to filter as many as possible while keeping
the number of false positives to a bare minimum or better yet none at
all. So if you are blocking 98-99% without seeing or being told of
false-positives, great.   If you're only blocking 20% and your users are
happy, then that's great too.  Either you receive less spam as a whole,
you receive a lot more legitimate messages bring down the spam
percentage, or your institution is more conservative with what they
consider spam.

In short, I don't believe our 95% block rate reflects we are doing
something wrong, just because other institutions have lower numbers.
Our false positives have been few and far between.  I actually see room
for improvement on our 95%.  Yes, it's neat to compare numbers, just
don't judge your, or anyone else's, implementation by them.


Brady McClenon
Administrative Computer Services
State University College at Oneonta
Oneonta, NY  13820
(607) 436-3203


________________________________

        From: Tim Lane [mailto:tlane () SCU EDU AU] 
        Sent: Monday, February 12, 2007 7:51 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: [SECURITY] Extremely High Spam Statistics
        
        
        Hello,
        
        I would be interested in comparing our spam stats with other
institutions.  We are currently sent around around 450 000 emails per
day, of which 98-99% are spam leaving around 5000 valid email messages
passed through.  This is transparent to our uses who only receive valid
email.  
        
        Are other institution's spam levels this high?  I would be very
interested in hearing stats as I thought global rates were only around
90-95%.
        
        Thanks,
        
        Tim
        
        
        
        

        Tim Lane
        Information Security Program Manager
        
        Information Technology and Telecommunication Services
        Southern Cross University
        PO Box 157 Lismore NSW 2480
        
        (02 6620 3290   7              02 6620 3033   - tlane () scu edu au
        8 http://www.scu.edu.au <http://www.scu.edu.au>

Current thread:

Re: Extremely High Spam Statistics, (continued)
- Re: Extremely High Spam Statistics HALL, NATHANIEL D. (Feb 13)
- Re: Extremely High Spam Statistics Ken Connelly (Feb 13)
- Re: Extremely High Spam Statistics Roger Safian (Feb 13)
- Re: Extremely High Spam Statistics Mark Bruhn (Feb 13)
- Re: Extremely High Spam Statistics Br. Kenneth Arnold (Feb 13)
- Re: Extremely High Spam Statistics Daniel J. Cody (Feb 13)
- Re: Extremely High Spam Statistics Joel Rosenblatt (Feb 13)
- Re: Extremely High Spam Statistics Mclaughlin, Kevin L (mclaugkl) (Feb 13)
- Re: Extremely High Spam Statistics Bristol, Gary L. (Feb 13)
- Re: Extremely High Spam Statistics Chris Steele (Feb 13)
- Re: Extremely High Spam Statistics Brady McClenon (Feb 13)
- Re: Extremely High Spam Statistics Mark Poepping (Feb 13)
- Re: Extremely High Spam Statistics Tim Lane (Feb 13)