Plusnet

Interpreting headers added by Postini

  • jelv
  • Bright Spark
« Reply #16 on 21/12/2007, 10:41 »
I think you've repeated the error Bob made. Spam 2 is given if the S begins 0, 1 or 2 - so 0.299999 gets a Spam 2.
jelv

Plusnet chatroom: /server usertools.plus.net   /join #usertools
Plusnet Unlimited is not without limits
  • jberry
  • Plusnet Staff
« Reply #17 on 21/12/2007, 12:56 »
To clear this one up, the system currently has three different checks in place:

x-pn-pstn = 1
* This means that 2strike is present and not set to clear. Plus the S: level is < 1

x-pn-pstn = 2
This means that either:
* The 2strike is not present and the S: level is < 0.3
* Or, present and set clear. Also the S: level is < 0.06

Just as an aside. These levels were determined after a lot of testing on our internal mail platform, tweaking the values and getting feedback of false positives and negatives.
Josh Berry
Plusnet Systems Engineer
  • jelv
  • Bright Spark
« Reply #18 on 21/12/2007, 14:22 »
Apart from the tagging of the Community forum notification emails as Spam 2 the Spam 2 level looks good to me. Still haven't seen a Spam 1.
jelv

  • jberry
  • Plusnet Staff
« Reply #19 on 21/12/2007, 15:16 »
I am beginning to think that something changed when we upgraded the Postini software because this did pick up messages when running on our internal mail.

In the new year we'll have a look through the headers as they are now and look to getting some testing on the internal mail again if they have changed.
Josh Berry
Plusnet Systems Engineer
  • Strat
  • Forum Moderator
« Reply #20 on 21/12/2007, 15:46 »
Quote
Still haven't seen a Spam 1.

I created a folder in Outlook set to collect Spam 1 when this header marker was initiated.
Nothing has ever gone into it.
Plusnet Customer and Forum Moderator  Which gateway am I on and How is it Performing (Scroll down to your Gateway Graph)
Acronyms are a PITA
  • jberry
  • Plusnet Staff
« Reply #21 on 03/01/2008, 09:51 »
So,

Just to test a theory, I switched my message rules back to keeping the messages that would be marked Spam 1 on our corporate mail.

Over Christmas I have received messages picked up by this, sample headers are:

X-pstn-2strike: 7236
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.96331/99.72917 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 3 (1.0000:1.0000) s gt3 gt2 gt1 r p m c


Based on this, I reckon that it is maybe just the differences between customer and corporate mail that mean this is rarely (if ever) used.
Josh Berry
Plusnet Systems Engineer
Logged
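The x-pn-pstn rules listed in Reply #17, applied to the headers quoted in Reply #21 and Reply #28, as an added example (not Plusnet's or Postini's code). The names `classify` and `constructed` and the boundary-case headers are assumptions made for illustration; the thresholds are only those quoted in the thread.

```python
import re
from email import message_from_string

# S: is the first value in X-pstn-levels; lower means more spam-like. The
# thread's samples show it both as "S: 0.96331" and "S:24.66688".
S_RE = re.compile(r"\(\s*S:\s*([0-9]+(?:\.[0-9]+)?)")

# Headers quoted in Reply #21 (2strike carries a number).
REPLY_21 = """\
X-pstn-2strike: 7236
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S: 0.96331/99.72917 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 3 (1.0000:1.0000) s gt3 gt2 gt1 r p m c
"""

# Headers quoted in Reply #28 (no 2strike header at all).
REPLY_28 = """\
X-pstn-neptune: 13/1/0.08/43
X-pstn-levels:     (S:24.66688/99.90000 R:95.9108 P:95.9108 M:95.5423 C:86.0174 )
X-pstn-settings: 4 (1.5000:1.5000) s gt3 gt2 gt1 r p m c
"""

def constructed(s, strike=None):
    """Build a constructed (not captured) header block for boundary cases."""
    block = f"X-pstn-levels: (S:{s}/99.90000 R:95.9108 P:95.9108 M:95.5423 C:86.0174 )\n"
    if strike is not None:
        block = f"X-pstn-2strike: {strike}\n" + block
    return block

def classify(raw_headers):
    """Return 1, 2 or None: the x-pn-pstn value under the Reply #17 rules."""
    msg = message_from_string(raw_headers)
    m = S_RE.search(msg.get("X-pstn-levels", ""))
    if m is None:
        return None  # no parsable score, so no tag
    s = float(m.group(1))
    strike = msg.get("X-pstn-2strike")  # None when the header is absent
    if strike is None:
        return 2 if s < 0.3 else None
    if strike.strip().lower() == "clear":
        return 2 if s < 0.06 else None
    return 1 if s < 1 else None  # 2strike present and not "clear"

if __name__ == "__main__":
    for name, hdrs in [("Reply #21", REPLY_21), ("Reply #28", REPLY_28),
                       ("constructed S=0.29999", constructed("0.29999")),
                       ("constructed clear S=0.20000", constructed("0.20000", "clear"))]:
        print(name, "->", classify(hdrs))
```
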
  • spraxyt
  • Usergroup Member
« Reply #22 on 03/01/2008, 13:50 »
For 'definite' I think Postini might have changed the headers in the latest release so that what was '2strike: integer' is now 'xfilter: y' (not 'yes' as described in the header descriptions). If that is the case it would explain why trialists (using a later release?) don't see SPAM 1. I have had the xfilter header.

Also there's an interesting "s" in that 'settings' line. Haven't seen that in the header descriptions.
« Reply #23 on 05/01/2008, 12:05 »
Hmmmmmm ...............

Well, whatever the situation might be in reality, x-pstn-2strike: [number]  still continues to be an undocumented feature so far as all publicly available postini data is concerned. I did raise the question of postini versions and updates etc ages back as well as identifying the relatively recent appearance of x-pstn-xfilter: header.  I did also suggest that maybe it was 'old' information from a previous version of the system that was no longer relevant somewhere as well.  But either way and whatever the real answer might be, something really does tell me that as also threatened ages back, I probably do indeed need to wheel out Mr.RTFM here in order to demonstrate 'best practice' in such situations rather than taking the suck-it-and-see, trial-and-error or we-have-always-done-it-so-it-must-be-right stylee approach ;)

However, it is quite interesting that an example was apparently found during the Christmas break seeing that the latest release of postini documentation appears to be V6.12 dated 14th December which implies no formal changes since then.  When was that message actually received ?

Of course, all this does raise yet another very serious potential issue.  If postini can and do make random changes to fundamental headers willy-nilly then what exactly are PN going to do to ensure that such actions are not going to 'upset' their analysis and result in problems for customers ?

How are PN going to track and evaluate any changes that postini may make to their systems so that they can take appropriate action to ensure that customers don't get problems ?

How are such version changes or other tweaks announced and monitored ?

It would appear that some form of reliable configuration management is going to be pretty essential here to avoid customers experiencing problems that PN could and should have sorted way before they happened.

« Last Edit: 05/01/2008, 12:09 by mikeb »

WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
  • jelv
  • Bright Spark
« Reply #24 on 05/01/2008, 14:02 »
Mike, Have you found any messages with x-pstn-2strike: [number] header? All of the emails I've seen with x-pstn-2strike: have it set to clear.
jelv

« Reply #25 on 05/01/2008, 23:46 »
Nope. As I said somewhere else on here, I've seen absolutely no evidence that x-pstn-2strike can be anything other than "not present at all" or have the value "clear". There is no evidence that I can see anywhere on the postini site or in any of the manuals or user guides to indicate that it can be anything else either. This was why I asked for documentary evidence to substantiate the PN claim.  It would appear that it does indeed exist in messages via the PN internal system but the question "why" still remains as does seeing some documentary evidence from postini to explain what it is all about.

The postini header analyzer also appears to completely ignore any value other than "clear". Mind you, there was a time when the analyzer also appeared to basically ignore any reference to x-pstn-2strike whatsoever, but more recently it has been taking note if it has the value "clear".  It seems that postini do go a tweaking as/when required but I've not found any status, update notification or similar info page anywhere - not that I've tried particularly hard TBH.

I suspect that it is either a very old and subsequently removed condition, another configuration problem somewhere or simply that the PN internal and customer facing postini systems/configurations are fundamentally different. Either way it raises an 'interesting' potential problem regarding postini making changes that could break PNs implementation.  It also casts more doubt on the validity of the PN internal trial and comparing results of that trial with the current set up or using historic data to make decisions on what to do now. I still find it incredibly odd and quite unlikely that none of the strange issues that have come up were ever seen internally.
  • Strat
  • Forum Moderator
« Reply #26 on 09/01/2008, 10:52 »
So just to make it crystal clear to myself.

If S=99.999 then that's zero % chance of it being Spam
If S=0 then that's 100% chance of it being Spam

Well that's logical enough for anyone ::) :D


Edit: I think I'll stick to Spam 2 for now.
« Reply #27 on 09/01/2008, 15:14 »
or

If S=99.999 then it's 99.999% chance of being OK
If S=0 then it's 0% chance of being OK

bobp
« Reply #28 on 09/01/2008, 18:37 »

The 2strike header does not show up on the postini account used by my employer, the only postini headers I get in a message are:

Quote
X-pstn-neptune: 13/1/0.08/43
X-pstn-levels:     (S:24.66688/99.90000 R:95.9108 P:95.9108 M:95.5423 C:86.0174 )
X-pstn-settings: 4 (1.5000:1.5000) s gt3 gt2 gt1 r p m c

SW.
Netgear DG834Gv2, Anytime+ Click HERE to change your BBYW Options Using BBYW1/10GB (Jan 2009) PAYG (From 2004)

Plusnet Customer Service 0114 296 5198 Plusnet Faults 0114 296 5188
  • jelv
  • Bright Spark
« Reply #29 on 09/01/2008, 18:42 »
How many message headers did you check? It will only show up on spammy messages and is quite rare.
jelv

  • jberry
  • Plusnet Staff
« Reply #30 on 16/01/2008, 09:30 »
Quote
However, it is quite interesting that an example was apparently found during the Christmas break seeing that the latest release of postini documentation appears to be V6.12 dated 14th December which implies no formal changes since then.  When was that message actually received ?

The messages with the x-pstn-2strike: 1234 header were received on the 5th, 6th and 8th of January.

That being said, that is five messages in a month and I receive a LOT of email on my work account (something like 5K messages a day before we had Postini) so it is probably not worth using in any scoring system.
Josh Berry
Plusnet Systems Engineer
« Reply #31 on 10/02/2008, 08:57 »
Hi. I am a new Plusnet user and I would appreciate it if anyone can tell me how to let Plusnet mail know that mail it thinks of as spam is not?

Thanks