[SURBL-Discuss] FP Pattern for sbl-xbl.spamhaus.org

[Rob McEwen]

RE: FP Pattern for sbl-xbl.spamhaus.org

For a while now, my philosophy has been to use sbl-xbl.spamhaus.org to block
at the connection level and not even allow these messages onto my server.
Much of the remaining spam filtering is then done by SURBL-checking.
However, more recently, I been testing samples of sbl-xbl.spamhaus.org
blocked messages and I've noticed two things.

(1) more false positives than I would want to see (though still a very tiny,
tiny percentage overall) get blocked by sbl-xbl.spamhaus.org

...and...

(2) those that ARE legitimate tend to be cases where a mistake was made and,
by the next day (or later that same day), the offending IP is removed from
sbl-xbl.spamhaus.org

However, I must admit, I'm drawing sweeping conclusions from very little
sampling of data. Therefore, don't take my word for it... Rather, is this
consistent with anyone else's experience with sbl-xbl.spamhaus.org? The
reason I mention this is that, if my initial conclusions are true, there
would then be a strong argument for "holding" sbl-xbl.spamhaus.org blocked
mail and giving it a "second try" some hours later. Also, if this is true,
does anyone have a "feel" for exactly how long "bad" data stays on
sbl-xbl.spamhaus.org before it gets removed? (Recognizing, of course, that
SpamHaus is probably the most reliable and respected free RBL in existence
and they rarely make mistakes in the first place).

Any thoughts or suggestions? Has anyone examined their sbl-xbl.spamhaus.org
blocked messages lately?

Rob McEwen