I have used real-time blocklists myself since a dozen or so years ago. I've worked for companies and managed servers that have been listed on blocklists more than once unwarranted. I can't help but notice some huge changes between the granddaddy lists I did support and some of the current breed I'd stay away of. As with all things the most negative experiences will stand out, but there's a lesson to be learned in how to detect the "bad" blocklists and how to avoid them. The unintentional userFirst, how do you know you are using a blocklist? You don't, unless you start to hunt for it. E.g. your google toolbar has a blocklist of sites it thinks are a bad idea to surf to(*). It'll warn you about a supposedly bad website you really might be willing to avoid. But how many more blocklists are you using without having intentionally configured, chosen and vetted the processes behind it? If you use e.g. a sendmail configuration file that you didn't write, how do you know it isn't using some blocklist to tune down the volume of spam. If you're an unintentional user, you're not in control of the choices being made and you and your peers might in the end suffer badly. So the advise is to seek out what blocklists you are using and go from the unintentional to the intentional user. False positives - false negativesTrue positives and true negatives will mostly go unnoticed but the other two can be problematic. A false positive is e.g. a blocklist for spammers that contains well behaving Internet users. Those users (might be your supplier, your customers, ...) can't communicate anymore with you, and might give up on you as you just seem to be ignoring them rudely. The false negatives are what will prompt some into searching ever more strict rules as there is still spam sneaking through. We know that getting ever more strict measures will also increase the false positives rate dramatically. For things like spam where the spam outnumbers the genuine messages dramatically if your address is well known, getting spam free with a blocklist is likely to cost you most if not all genuine messages as well. Basically blocking all email will guarantee you no false negatives, but it'll also guarantee all genuine messages turn out to be false positives. Measuring false negatives is terribly easy for e.g. spam lists, while measuring false negatives is next to impossible. Just measuring how much email got blocked says nothing about it all, and if you need to read the messages in order to be able to measure the effectiveness , you might just as well deleted the spam by hand. CriteriaSome criteria we could suggest to choose blocklists:
If your favorite blocklist fails many of these criteria, perhaps it's time to urgently switch blocklists, or move to another solution as to avoid the false positives you might not be aware of. Sometimes just reading the FAQ wil set of so many alarms that you might choose not to use their blocklist. If you have more criteria to suggest, feel free, we'll update the story with the best suggestions. (*): I've never seen a false positive on the google toolbar myself, so I'm not criticizing them, just using it as one of the examples where you or your users might have picked up a blocklist without having the intention of doing so. -- |
Swa 760 Posts Jul 28th 2007 |
Thread locked Subscribe |
Jul 28th 2007 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!