As you can see, the last false positive that we found was on Feb 9 and nothing since. We are the only ones to have published email headers in support of those false positives and each one has been delisted by the APEWS.org Administrators. The folks you have seen posting removal requests here are people that believe that their IP addresses should not be listed. We have seen that most, but not all, have been delisted.
The SPEWS listing model was to use whole CIDR blocks in order to pressure the ISP. It involved listing the entire block without regard for individual IP addresses and therefore there was collateral damage which was not favored by many. In order for that method to work it requires that users tolerate the collateral damage until such time as the ISP cleaned up the CIDR. That method was flawed because users, network Administrators etc, would rather tolerate spam than collateral damage.
After analysing the APEWS.org data over a period of time we can see that they are no longer following the same model as SPEWS. A few years ago when they first became a replacement for SPEWS, it could have been said that their method was very close if not the same. However, the fact that false positives have reduced dramatically and having probed the listed CIDR, APEWS.org seem to be cutting holes in CIDR for trusted senders and accordingly reducing collateral damage leaving a binary reputation index.
Just to follow on, since the number of false positives has dropped, the FP is practically 0% for us on our networks. What is interesting is that the TP, the correct identification of spam, has been rising to almost 99%. One of the mailboxes we checked recently has emails from a Gmail address forwarded to it and there were 3 spam in the inbox. 2 spam had been forwarded by Gmail servers and the 3rd spam was from an IP address not listed by l2.Apews.org at the time (listed now though).
ReplyDeleteplease remove ip address 87.101.137.10 from the list
ReplyDeleteThanks
Oooops 87.101.137.10 is currently listed in APEWS :-(
Entry matching your Query: E-409666
87.101.128.0/20CASE: C-1375
Spambots/zombies within CIDRHistory:
Entry created 2010-08-28
Can you assist, our company has a /20 that is included in this mess.
ReplyDeleteHow / what is the best way to reduce this into more reasonable networks ?
Entry matching your Query: E-431420
96.44.0.0/15CASE: C-1375
Please remove ip addrss 82.207.26.222 from the list.
ReplyDeleteThanks
Oooops 82.207.26.222 is currently listed in APEWS :-(
Entry matching your Query: E-409206
82.207.0.0/19CASE: C-1375
Spambots/zombies within CIDRHistory:
Entry created 2010-08-27
Hi APEWS,
ReplyDeletePlease remove this ip address from your black lists.
Appreciate your immediate action.
Thanks,
Jowen
Hi APEWS,
ReplyDeletePlease remove this ip address from your black lists.
175.137.85.122
Appreciate your immediate action.
Thanks,
Jowen
Hi APEWS,
ReplyDeletePlease remove my IP from your database blacklists:
Oooops 113.160.38.5 is currently listed in APEWS :-(
Entry matching your Query: E-519917
113.160.32.0/19CASE: C-1375
Spambots/zombies within CIDRHistory:
Entry created 2012-04-09
Thank you.
hi APEWS,
ReplyDeleteplease remove my IP from your database
Oooops 202.152.50.243 is currently listed in APEWS :-(
Entry matching your Query: E-408841
202.152.48.0/20CASE: C-1375
Spambots/zombies within CIDRHistory:
Entry created 2010-08-27
thanks
This comment has been removed by the author.
ReplyDeleteHi APEWS
ReplyDeletePlease remove my IP from your database
Oooops 113.160.52.146 is currently listed in APEWS :-(
Entry matching your Query: E-519917
113.160.32.0/19CASE: C-1375
Spambots/zombies within CIDRHistory:
Entry created 2012-04-09
Hi APEWS
ReplyDeletePlease remove my IP from your database
Oooops 85.25.198.74 is currently listed in APEWS :-(
Entry matching your Query: E-1337236
85.25.198.0/24
CASE: C-1474
Spammer or scammer or scanner or zombie PC or other within this CIDR
History:
Entry created 2014-04-01