Re: Content Filtering Statistics. What to expect?
From: Mike (michael.owen@hushmail.com)
Date: 01/01/03
- Next message: Larry Schlack: "Re: cisco / microsoft -- what is the VPN IPsec alternative????"
- Previous message: Alun Jones: "Re: security vuln"
- In reply to: Brian E: "Re: Content Filtering Statistics. What to expect?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mike" <michael.owen@hushmail.com> Date: Wed, 1 Jan 2003 15:17:40 -0000
"Brian E" <brian_anon@hotmail.com> wrote in message
news:737943bc.0212311614.65bca804@posting.google.com...
> Here's an example, we receive on average about 500,000 emails per
> month. Of this we block about 14,000 per month (28%).
>
> Are there any industry studies that have quantified the percentage of
> email an organization receives that is spam? I'm saying on average,
> for randomly selected companies. I don't want an individual's
> statistics, but rather a large sampling of users.
I still don't know of any such study.
> With the above metrics, I'd like to say that content filtering
> technologies are not 100%. There will always be false-positives and
> false-negatives. I want people to understand this and determine what
> rate of falsepositives and negatives are acceptable.
It should be intuitive to anyone that you're never going to have 100%
accuracy. As long as you explain how the technology works, you can explain
this range of error. Additionally, you will be able to explain (using
specific examples from your rulesets) why certain rules will give false
positives or false negatives.
> If studies find that a company can expect 25-35% of their email being
> spam and we block 28% I can reasonably assume we're doing a good job
> if we are an average company. This would allow me to politely say
> that the .01% of false positives or negatives are the cost of the
> technology (that is, normal and to be expected). Or whatever this
> percentage would be (which I think is accurate for us.. but false
> positives or false negatives are not always reported).
Well, I would have thought you could do this without the study, simply by
examining the false positives and negatives, and showing that while rule <x>
gave you this many false positives, it also caught <y> spam messages. This
would require a fairly in-depth examination of the system logging though -
it might only be possible for people who've actually worked in-depth with
the content filtering programs themselves. And some programs might not
provide sufficient logging information for such an examination. I'll drop a
line to a few people I still know in that particular industry - I'll let you
know if I find anything.
cheers,
Mike
- Next message: Larry Schlack: "Re: cisco / microsoft -- what is the VPN IPsec alternative????"
- Previous message: Alun Jones: "Re: security vuln"
- In reply to: Brian E: "Re: Content Filtering Statistics. What to expect?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
