[unisog] spam detection rates

Tim Lane tlane at scu.edu.au
Tue Nov 23 10:16:58 GMT 2004


Russell,

they sound like pretty good statistics, I'd be interested in discussing 
more about what you have done.  It may be reassuring to know your 
statistics against ours.  Our spam rate is HIGH.  By that I mean that, 
aside from RBL's, the actual identification of spam by our anti spam 
gateway is accurate to about 40%.  If we increase our heuristics detection 
then we begin to get increased false positives.  All of our identified spam 
is still sent to users (as tagged spam).  The net result is therefore, out 
of 100 emails, our estimated rate of spam is around 40% .  Out of these 40 
spam emails, 40% are detected as spam.  Therefore, for every 100 emails, a 
user receives about 16 spam emails, that are tagged as spam.  The other 24 
emails are in fact real spam not identified by our system as spam.

Tim


At 08:27 AM 17/11/2004 +1300, you wrote:
>Hi Folks,
>         Recently a colleague (Bojan Zdrnja) and I gave a paper at a local
>Tertiary IT conference about dealing with spam an malware.  Bojan
>described our new mail system that he had designed and implemented
>(postfix, spamassin, amavisd, sophos -- with Dspam and clamav as
>secondary AV and spam detection).
>
>As part of the preparation for this talk we tried to estimate just what
>the real rate of spam detection was by selecting a few addresses that
>attract a lot of spam (mine was one) and examining a weeks worth of
>mail.
>
>We were rather chuffed to find that out of nearly 400 spam messages
>delivered to my account only three made it through with out being
>recognised as spam.  There was also a couple false +ve but they were a
>deliberate plant -- I signed up to a the digest of a support group for a
>medical condition that my wife subscribes to.  The digest contains up to
>30 emails with lots of medical terms and symptom descriptions along with
>urls for useful products.  Her ISP's spam filter regularly tags it as
>spam so we thought we would try it through our system.
>
>Anyway, to the point of this post.  In our test our system delivered
>over 99% accuracy in identifying spam over the period of a week for a
>few selected accounts. (We have had four complaints in six months about
>false positives).  Does anyone else have figures for their systems that
>they would care to share.
>
>I now see less than one piece of spam a day (I have had 13 so far this
>month).
>
>
>--
>Russell Fulton, Information Security Officer, The University of Auckland
>New Zealand
>
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog

Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

Ph:  61 2 6620 3290
Fax: 61 2 6620 3033
Email: tlane at scu.edu.au
http://www.scu.edu.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20041123/d6926779/attachment-0001.htm


More information about the unisog mailing list