ietf-asrg

Re: [Asrg] UCEPROTECT's comment on draft-irtf-asrg-bcp-blacklists-07

2011-02-27 15:45:49
Dear Kelly,

You wrote:
> I used to run the MAPS RBL and now I run the Spamcop BL. Perhaps you've
> heard of those?

Of course, and if you had ever read NANAE then you would know that I have
always recommended the Spamcop BL because it is a good DNSBL with a low false
positive rate.

> Neither the Spamcop BL nor the MAPS RBL have ever charged for delisting. I
> would never support a charge for delisting because it leaves the list open
> to the accusation of false listings in order to generate revenue.
> SCBL currently allows delisting on demand for a first listing and then an
> increasing interval before successive self-delistings are permitted. (All
> listings still expire after 24 hours with no new spam, but one can not
> request delisting if an IP is delisted on demand and then relisted). To be
> perfectly honest, I was really nervous about this when we implemented it,
> and we were prepared to revert the change if it hurt our efficacy or
> accuracy. It hasn't. It also decreased our support burden significantly.


> Also, the CBL uses a similar model (although theirs was first) and is one
> of the most accurate and useful blocklists in the world.
>
> Based on my experience, I strongly disagree that pay-for-delisting is ever
> necessary.


You can't compare the SCBL or the CBL to UCEPROTECT.
Both (SCBL and CBL) have a much broader listing source than UCEPROTECT, so
they will probably see more impacts per infected system than we see.
Logically, it will have no big impact on efficiency for your list if you are
automatically delisting after 24 hours with no impacts.
We also did a similar test in 2007, shortly after I took over the project, and
lost about 15% efficiency by automatically delisting after 24 hours. Since
that was unacceptable, we stuck with 7 days.

You may not believe me, but really: I guess the SCBL might be much more
effective if they listed for 7 days instead.

I grabbed some links to independent stats to back up my claim:

http://www.sdsc.edu/~jeff/spam/cbc.html

At SDSC.EDU our UCEPROTECT-Level 1 blocked 51583 spam mails last week, compared
to SPAMCOP, which blocked 16429 spam mails.
That means our Level 1 outperformed your list by a factor of 3+.

Your numbers in Europe are much better but even there dnsbl-1.uceprotect.net
outperforms bl.spamcop.net by more than 5% without having more false
positives.

SPAMCOP:
http://www.intra2net.com/de/support/antispam/blacklist
php_dnsbl=RCVD_IN_BL_SPAMCOP_NET.html

UCEPROTECT-Level 1:
http://www.intra2net.com/de/support/antispam/blacklist
php_dnsbl=RCVD_IN_UCEPROTECT1.html

Last but not least (and since we have nothing to hide), we also measure
statistics for different DNSBLs:
http://stats.uceprotect.net/

By clicking on the graphics you will also be able to see the last 30 days
of efficiency and inaccuracy for each list.

As you can see, we have never had any problem admitting that CBL is one of the
best lists around (I would really like to know their secret) and also that
our lists are far away from being perfect.

I really recommend that you measure the efficiency of your list by using
internal and external data.
I had to learn that lesson myself when Al Iverson presented his numbers to
me in 2007.
If you look at your own numbers only, then you will mostly not see the
complete picture.

Best Regards

Claus von Wolfhausen
Technical Director
UCEPROTECT-Network
http://www.uceprotect.net
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg