spf-discuss

RE: SPF too late?

2004-11-17 15:30:00
From: Chris Drake
Sent: Tuesday, November 16, 2004 6:36 PM


BrightMail claims false-positive rates of 1 in a billion. I've been
using it for 3 days, and it's been spot-on so far (I get a *lot* of
junk and a lot of legitimate mail).  There's no need for SPF or
SenderID or anything else if it can keep this up.  Dunno how it works
though - I would have said this false pos rate was impossible.
Doesn't stop 'em from fibbing on their web site still: the "one in a
billion" test was from a report in Feb 2003, but their web site quotes
"2004" every time they reference the 1in1e9 report.  I'm itching to
prove them wrong still, so I'm about to redirect all my business's
spam and legit emails to my iiNet brightmail account too :-)

One of my providers uses Brightmail and my experience with it is that the false
negative rate is too high.  I don't recall ever having a false positive with
it.  You should keep in mind that Brightmail is a paid service that relies
on a lot of human input at their end to come up with these results (i.e. it
costs a lot of money for them to keep their filters tuned), so it is not a
good model for general spam reduction.  I find I get better results with a
combination of blocking based on DNSBLs (plus the usual SMTP heuristics)
and Bayesian filtering of what hits my inbox, but that's just my personal
preference.

The only heuristic that has caused any trouble, requiring rDNS, is still
worth keeping as any improper rejection results in a DSN and it stops a lot
of junk.  Two out of the three sites that have received improper rejections
had nameserver loops in their rDNS that they were unaware of, so it's
actually not such a bad thing.

--

Seth Goodman

