March 16, 2012

Over 1 month without any FP

As you can see, the last false positive that we found was on Feb 9 and nothing since. We are the only ones to have published email headers in support of those false positives and each one has been delisted by the APEWS.org Administrators. The folks you have seen posting removal requests here are people that believe that their IP addresses should not be listed. We have seen that most, but not all, have been delisted.

The SPEWS listing model was to use whole CIDR blocks in order to pressure the ISP. It involved listing the entire block without regard for individual IP addresses and therefore there was collateral damage which was not favored by many. In order for that method to work it requires that users tolerate the collateral damage until such time as the ISP cleaned up the CIDR. That method was flawed because users, network Administrators etc, would rather tolerate spam than collateral damage.

After analysing the APEWS.org data over a period of time we can see that they are no longer following the same model as SPEWS. A few years ago when they first became a replacement for SPEWS, it could have been said that their method was very close if not the same. However, the fact that false positives have reduced dramatically and having probed the listed CIDR, APEWS.org seem to be cutting holes in CIDR for trusted senders and accordingly reducing collateral damage leaving a binary reputation index.

11 comments:

  1. Just to follow on, since the number of false positives has dropped, the FP is practically 0% for us on our networks. What is interesting is that the TP, the correct identification of spam, has been rising to almost 99%. One of the mailboxes we checked recently has emails from a Gmail address forwarded to it and there were 3 spam in the inbox. 2 spam had been forwarded by Gmail servers and the 3rd spam was from an IP address not listed by l2.Apews.org at the time (listed now though).

    ReplyDelete
  2. please remove ip address 87.101.137.10 from the list

    Thanks

    Oooops 87.101.137.10 is currently listed in APEWS :-(
    Entry matching your Query: E-409666
    87.101.128.0/20CASE: C-1375
    Spambots/zombies within CIDRHistory:
    Entry created 2010-08-28

    ReplyDelete
  3. Can you assist, our company has a /20 that is included in this mess.
    How / what is the best way to reduce this into more reasonable networks ?

    Entry matching your Query: E-431420
    96.44.0.0/15CASE: C-1375

    ReplyDelete
  4. Please remove ip addrss 82.207.26.222 from the list.
    Thanks


    Oooops 82.207.26.222 is currently listed in APEWS :-(
    Entry matching your Query: E-409206
    82.207.0.0/19CASE: C-1375
    Spambots/zombies within CIDRHistory:
    Entry created 2010-08-27

    ReplyDelete
  5. Hi APEWS,

    Please remove this ip address from your black lists.

    Appreciate your immediate action.

    Thanks,
    Jowen

    ReplyDelete
  6. Hi APEWS,

    Please remove this ip address from your black lists.

    175.137.85.122

    Appreciate your immediate action.

    Thanks,
    Jowen

    ReplyDelete
  7. Hi APEWS,

    Please remove my IP from your database blacklists:

    Oooops 113.160.38.5 is currently listed in APEWS :-(
    Entry matching your Query: E-519917
    113.160.32.0/19CASE: C-1375
    Spambots/zombies within CIDRHistory:
    Entry created 2012-04-09

    Thank you.

    ReplyDelete
  8. hi APEWS,

    please remove my IP from your database

    Oooops 202.152.50.243 is currently listed in APEWS :-(
    Entry matching your Query: E-408841
    202.152.48.0/20CASE: C-1375
    Spambots/zombies within CIDRHistory:
    Entry created 2010-08-27

    thanks

    ReplyDelete
  9. This comment has been removed by the author.

    ReplyDelete
  10. Hi APEWS
    Please remove my IP from your database

    Oooops 113.160.52.146 is currently listed in APEWS :-(
    Entry matching your Query: E-519917
    113.160.32.0/19CASE: C-1375
    Spambots/zombies within CIDRHistory:
    Entry created 2012-04-09

    ReplyDelete
  11. Hi APEWS
    Please remove my IP from your database

    Oooops 85.25.198.74 is currently listed in APEWS :-(
    Entry matching your Query: E-1337236
    85.25.198.0/24
    CASE: C-1474
    Spammer or scammer or scanner or zombie PC or other within this CIDR
    History:
    Entry created 2014-04-01

    ReplyDelete