Hi all,
Are there plans on improving the FirstAlert system ?
FirstAlert future
- clauderenaud
- Travelling Tuatara
- Contact:
- Location: France
- stan_qaz
- Omniscient Kiwi
- Location: Gilbert, Arizona
Post
Re: FirstAlert future
There has been some discussion on improvements, both in making reporting false positives easier and in giving it a weighted say in the spam detection scheme instead of the current yes/no situation.
There was some discussion a while back on giving users a "trust" score so the ones that did an excellent job of reporting got their reports sent directly to the database to speed detection for others and for the poor reporters that were making errors their reports could be given a more thorough review before being added to the database. There was also some discussion of how many reports should be needed before the database starts identifying similar messages as spam.
I think most of this is on hold until it is seen how the new weighting system works out as that could make much of it unnecessary.
There was some discussion a while back on giving users a "trust" score so the ones that did an excellent job of reporting got their reports sent directly to the database to speed detection for others and for the poor reporters that were making errors their reports could be given a more thorough review before being added to the database. There was also some discussion of how many reports should be needed before the database starts identifying similar messages as spam.
I think most of this is on hold until it is seen how the new weighting system works out as that could make much of it unnecessary.
I am not a Firetrust employee just a MW user.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
- clauderenaud
- Travelling Tuatara
- Contact:
- Location: France
Post
Re: FirstAlert future
Ok, truely hope some of those enhancements will be integrated in the next revision of the system ...stan_qaz wrote:There has been some discussion on improvements, both in making reporting false positives easier and in giving it a weighted say in the spam detection scheme instead of the current yes/no situation.
There was some discussion a while back on giving users a "trust" score so the ones that did an excellent job of reporting got their reports sent directly to the database to speed detection for others and for the poor reporters that were making errors their reports could be given a more thorough review before being added to the database. There was also some discussion of how many reports should be needed before the database starts identifying similar messages as spam.
I think most of this is on hold until it is seen how the new weighting system works out as that could make much of it unnecessary.
Regards,
--
Claude Renaud
--
Claude Renaud
- rusticdog
- Firetrust Monkey
Post
Re: FirstAlert future
There will be some tweaking with the new version, the biggest issue right now is that any spam email over 200 lines requires a MW user to report the email to us, if it comes through from our MW Server users or our honeypots it will never match for MW users as those systems store the entire email, not just the 200 lines used by MW.
- clauderenaud
- Travelling Tuatara
- Contact:
- Location: France
Post
What about messages which have similarity between them (similar subject but different content or diferent subject and ...)...
Re: FirstAlert future
And could it be possible to include other criterias tan subject and message content to identify message as spam in the FirstAlert system ?rusticdog wrote:There will be some tweaking with the new version, the biggest issue right now is that any spam email over 200 lines requires a MW user to report the email to us, if it comes through from our MW Server users or our honeypots it will never match for MW users as those systems store the entire email, not just the 200 lines used by MW.
What about messages which have similarity between them (similar subject but different content or diferent subject and ...)...
Regards,
--
Claude Renaud
--
Claude Renaud
- rusticdog
- Firetrust Monkey
Post
Re: FirstAlert future
There is already some logic in there, so the messages don't need to match exactly.
I don't know what the exact rate is, but say for example a message you check against FirstAlert matches a message we have in the system by 80%, then it will be considered spam. We will also probably look at adding support for checking URLs with FirstAlert as well
I don't know what the exact rate is, but say for example a message you check against FirstAlert matches a message we have in the system by 80%, then it will be considered spam. We will also probably look at adding support for checking URLs with FirstAlert as well
- clauderenaud
- Travelling Tuatara
- Contact:
- Location: France
Post
Re: FirstAlert future
Ok, so let's see what will it become ...rusticdog wrote:There is already some logic in there, so the messages don't need to match exactly.
I don't know what the exact rate is, but say for example a message you check against FirstAlert matches a message we have in the system by 80%, then it will be considered spam. We will also probably look at adding support for checking URLs with FirstAlert as well
Regards,
--
Claude Renaud
--
Claude Renaud