RE: FP Pattern for sbl-xbl.spamhaus.org
For a while now, my philosophy has been to use sbl-xbl.spamhaus.org to block at the connection level and not even allow these messages onto my server. Much of the remaining spam filtering is then done by SURBL-checking. However, more recently, I have been testing samples of sbl-xbl.spamhaus.org blocked messages and I've noticed two things.
(1) more false positives than I would want to see (though still a very tiny, tiny percentage overall) get blocked by sbl-xbl.spamhaus.org
...and...
(2) those that ARE legitimate tend to be cases where a mistake was made and, by the next day (or later that same day), the offending IP is removed from sbl-xbl.spamhaus.org
However, I must admit, I'm drawing sweeping conclusions from very little sampling of data. Therefore, don't take my word for it... Rather, is this consistent with anyone else's experience with sbl-xbl.spamhaus.org? The reason I mention this is that, if my initial conclusions are true, there would then be a strong argument for "holding" sbl-xbl.spamhaus.org blocked mail and giving it a "second try" some hours later. Also, if this is true, does anyone have a "feel" for exactly how long "bad" data stays on sbl-xbl.spamhaus.org before it gets removed? (Recognizing, of course, that Spamhaus is probably the most reliable and respected free RBL in existence and they rarely make mistakes in the first place.)
Any thoughts or suggestions? Has anyone examined their sbl-xbl.spamhaus.org blocked messages lately?
Rob McEwen
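
The "hold and second try" idea raised in the message above, sketched as an added example that is not part of the original post. The class name, the six-hour hold period and the injectable lookup and clock are assumptions made for illustration; only the zone name comes from the message.

```python
import socket
import time

ZONE = "sbl-xbl.spamhaus.org"  # zone named in the post
HOLD_SECONDS = 6 * 3600        # assumed value; the post only says "some hours"

def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone=ZONE):
    """True if the zone answers with a 127.x.y.z listing code for this IP."""
    try:
        addr = socket.gethostbyname(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False  # NXDOMAIN (not listed) or resolver failure: fail open
    # 127.255.255.x answers are query-error codes, not listings
    return addr.startswith("127.") and not addr.startswith("127.255.255.")

class HoldQueue:
    """Hold mail from listed IPs and re-query the list once the hold expires."""

    def __init__(self, lookup=is_listed, hold_seconds=HOLD_SECONDS, clock=time.time):
        self.lookup, self.hold_seconds, self.clock = lookup, hold_seconds, clock
        self.held = []  # entries are (release_time, ip, message_id)

    def receive(self, ip, message_id):
        """First check at connection time: deliver, or hold for a second try."""
        if not self.lookup(ip):
            return "deliver"
        self.held.append((self.clock() + self.hold_seconds, ip, message_id))
        return "hold"

    def recheck(self):
        """Second try: re-query each held IP whose hold period has expired."""
        now, results, remaining = self.clock(), {}, []
        for release, ip, message_id in self.held:
            if release > now:
                remaining.append((release, ip, message_id))
            else:
                # Still listed after the hold: reject. Delisted: deliver.
                results[message_id] = "reject" if self.lookup(ip) else "deliver"
        self.held = remaining
        return results
```

Logging each `recheck()` outcome alongside the hold time gives the data the message asks about: how often a listed IP is delisted within the hold window.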