Brad Knowles wrote:
> At 3:57 PM -0400 2003/08/12, Chris Lewis wrote:
>> We know _exactly_ how each of the DNSBLs we're using works - their
>> effectiveness ratings, FP ratings, because we see and measure all of it.

Catching up...

> Not true. You know how the first one in your list is operating, at
> least to the level of rejections that result from it, and then
> complaints that come when those rejections appear to be inaccurate.
> You don't know how the next one would have done, if the first one
> hadn't blocked that message. You don't know how many false negatives
> made it through. And of the positives, you don't really know how many
> are true and how many are false.

Obviously, you don't know how our filtering or our metrics work.
We know exactly how many emails each BL would stop on its own and
exactly which BLs blocked any given IP. I've published sets of data
here to show that.

> You would have to look up each address in all black lists (noting
> both hits and misses,

We do.

> as well as the time of the lookup) before making
> your decision, and you would have to use other means to investigate the
> negatives that make it through the system and re-look them up again at
> various recurring periods in time (to see if they were added to the list
> after the message got through your system).

We do that too.

> Then you would have to track which black lists result in the most
> positive hits with the lowest false negative and false positive ratios.

We do exactly that. Except for false negatives.
When you're running multiple filtering methods, false negatives for
individual BLs or filtering types are irrelevant.

> In other words, you'd have to look up every single address that ever
> contacts your mail server (including ones that may get rejected for
> other reasons before they would normally hit the black list checks), in
> all black lists, re-query on a periodic basis, and track all hits and
> all misses for all IP addresses, ad infinitum.
> I'm pretty sure you don't do that.

Actually, we do.
For example, I can tell you that 2.5% of the email that got through
would have been caught except for latency delays in our BLs... ;-)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
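
The bookkeeping debated in this thread (query every list for every connecting IP, record hits and misses, re-query later) can be sketched as follows. This is an added example, not code from either poster: the list names, record layout, addresses and the per-message "spam" ground-truth label are constructed assumptions.

```python
# Constructed sample: one record per message. "at_delivery" holds every list
# that had the sending IP at SMTP time (all lists are queried, not only the
# first that hits); "requery" holds the lists seen on a later re-lookup.
# "spam" is an assumed ground-truth label (e.g. from manual review).
LOOKUPS = [
    {"ip": "192.0.2.10", "spam": True,
     "at_delivery": {"bl-a", "bl-b"}, "requery": {"bl-a", "bl-b"}},
    {"ip": "192.0.2.11", "spam": True,
     "at_delivery": {"bl-b"}, "requery": {"bl-a", "bl-b"}},
    {"ip": "192.0.2.12", "spam": True,
     "at_delivery": set(), "requery": {"bl-a"}},
    {"ip": "192.0.2.13", "spam": True,
     "at_delivery": set(), "requery": set()},
    {"ip": "198.51.100.5", "spam": False,
     "at_delivery": {"bl-b"}, "requery": {"bl-b"}},
    {"ip": "198.51.100.6", "spam": False,
     "at_delivery": set(), "requery": set()},
]

def per_list_stats(records, lists):
    """Score each list on every message, independent of list ordering."""
    stats = {bl: {"standalone": 0, "unique": 0, "fp": 0} for bl in lists}
    for rec in records:
        hits = rec["at_delivery"]
        for bl in hits:
            stats[bl]["standalone"] += 1      # what this list stops on its own
            if not rec["spam"]:
                stats[bl]["fp"] += 1          # legitimate mail it would block
            elif len(hits) == 1:
                stats[bl]["unique"] += 1      # spam no other list caught
    return stats

def latency_misses(records):
    """Mail that got through with no hit, and how much of it was spam whose
    IP appeared on some list at re-query time (listing latency)."""
    passed = [r for r in records if not r["at_delivery"]]
    late = [r for r in passed if r["spam"] and r["requery"]]
    return len(late), len(passed)

if __name__ == "__main__":
    for bl, s in per_list_stats(LOOKUPS, ["bl-a", "bl-b"]).items():
        print(bl, s)
    late, passed = latency_misses(LOOKUPS)
    print(f"latency misses: {late} of {passed} delivered messages")
```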