Re: [exim] SPAM testing

On Thu, 13 Apr 2006, Paul Johnson wrote:

> Best method to test spam rejection is to go live and cross your
> fingers. Start conservatively with your heuristics: Err on the
> side of false negative and work yourself closer to equilibrium. No
> anti-spam system is 100% accurate, your spam may vary.

One possible strategy based on scoring (if other aspects of your
policy permit it) is to initially define a fairly liberal acceptance
level for suspect-spam, but to apply a rule which freezes those items.
Inspect the frozen items, discard those which are definite spam; thaw
those which are not, while adjusting the rule(s) which caused them to
be suspected. As you gain confidence, lower the rejection threshold
in stages.

In spamassassin terms, for example, one might deliver <5.0 as probable
ham; deliver <8.0 as possible spam; freeze scores between 8.0 and X
for inspection, and reject scores above X (you choose X, say 15 or 20
if you're not sure yet). With time, stepping X down in stages until
you're confident enough of your rules be able to dispense with the
freezing.

Freezing is also a useful way to try out new anti-spam ideas before
putting them into production, just in case they're going to cause
unexpected false-positives.

regards