This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
how_to:spam_filter_false_positives [2015/09/23 13:46] – external edit 127.0.0.1 | how_to:spam_filter_false_positives [2018/11/14 10:45] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ======Spam Filter False Positives====== | + | [[https://helpdesk.pscs.co.uk/567236-VPOP3-Spamfilter-False-Positives]] |
- | As with any spam filter solution, the VPOP3 spam filter can, and probably will, generate false positives. These are messages which VPOP3' | + | |
- | + | ||
- | On the mail we receive at PSCS, the false positive rate is around 2 or 3 in every 5000 detected spam messages. That's about a 0.04% - 0.06% rate. However, different users may have different false positive detection rates. For instance: | + | |
- | + | ||
- | * you may receive mail which looks like some types of spam message (eg stockbrokers may receive a lot of mail which looks like the ' | + | |
- | * you may receive mail from companies which send out spam themselves, so those companies' | + | |
- | * you may receive mail from people who use ' | + | |
- | + | ||
- | The VPOP3 spam filter also uses 2 types of spam detection which are not directly controlled by the spam definitions: | + | |
- | + | ||
- | * Bayesian filtering | + | |
- | * Real-time black lists - these are DNS based Blacklists for either mail server IP addresses or URL links containined inside messages which indicate whether these are used by spammers or not. For most people these are a very accurate way of detecting spam messages. However, sometimes a mail server used by legitimate users will get put onto the blocked mail server blacklists so their mail may be affected. | + | |
- | + | ||
- | If you get false positives from the VPOP3 spam filter, the first thing to do is to look for the **X-VPOP3-SPAM:** line in the message header, this lists all the rules which were triggered for that message, and the ' | + | |
- | + | ||
- | Some examples of **X-VPOP3-Spam: | + | |
- | + | ||
- | X-VPOP3-SpamBayes: | + | |
- | X-VPOP3-Spam: | + | |
- | + | ||
- | This means that the message had a word (or more) which looks to have been misspelt (VPOP3 only checks certain words which spammers regularly misspell to try to avoid filters - eg ' | + | |
- | + | ||
- | X-VPOP3-SpamBayes: | + | |
- | X-VPOP3-Spam: | + | |
- | + | ||
- | This message had long sequences of capital letters, which matches the ' | + | |
- | + | ||
- | In both these cases the fixed rules in the VPOP3 spam filter definitions contributed less than half of the overall spam score of the message, the majority of the score was contributed by something outside the control of the fixed definitions. In this case, if the message is reported as a false positive to us, we may not be able to alter the filter definitions to have allowed the message through without reducing its effectiveness on detecting actual spam. | + | |
- | + | ||
- | If you regularly get these types of false positives, the solution may be to decrease the weighting of the appropriate DNS blacklist test or the Bayesian filter tests. To do this, in the VPOP3 settings, go to **Settings -> Spam Filter -> General -> Rule Weights**, and find the rules in question, and decrease their weighting (the rules are named as the entries in the X-VPOP3-Spam header line) | + | |
- | + |