Glossary - False positive

A "false positive" is a result that is erroneously positive under circumstances where such results are normally unexpected. For example, if a person eats poppy seeds (commonly added to some types of bagels), a drug abuse test could lead to a "false positive" result for cocaine use, despite the non-narcotic nature of this food additive.

Blocking sources of spam by IP address

In the context of using a blacklist to block inbound messages from IP addresses known to be sources of spam, there are no "false positives" where a listing error (e.g., technical, human, etc.) did not occur; administrators expect that all eMail communications from listed IP addresses will be blocked, regardless of message content. The purposes of using anti-spam blacklists on mail servers include, but are not limited to, the following reasons:
The point of blocking an IP address is that those responsible for it will know that their system is emitting spam, either by way of system error reports or end-user complaints; with this knowledge, the operators can take appropriate steps to stop the spam (e.g., by fixing security problems, terminating spammer accounts, etc.). Because ISPs commonly use a small number of IPs for outbound mail for many different clients, the more popular blacklists are actually more effective at applying pressure to ISPs who don't take the spam problem seriously.

For a blacklist that works on the basis of IP addresses (as the vast majority do), it's not possible to differentiate between what is or isn't spam, nor should it be the job of such a blacklist, since this could potentially require eMail content inspection or other related techniques (e.g., blacklists that catalogue internet domain names instead of IPs, which are also very effective).

Social impact

One essential point is that when the IP address of a system is blocked due to blacklist inclusion, it is the IP address that is listed, and not an individual user. The operators who choose to use a given blacklist obviously agree with its criteria, removal options (if any), points of contact (if any), and democratic procedures (if any), or else they wouldn't use it.

To call it a "false positive" when legitimate eMail is blocked is actually confusing the issue. Unfortunately, claims of "false positives" by spammers or ill-informed third parties often arise. The spammers are being manipulative. The ill-informed third parties, who are sometimes being manipulated, are usually end-users who have been provided with incorrect information about the criteria of the blacklist, the responsible parties, etc.
An ill-informed user who just wants to send eMail will sometimes complain to the blacklist user that "my ISP said you need to stop using that list because it has too many false positives," but after being directed to links that show the spam evidence (e.g., a Google search of NANAS for the offending IP) and told that such IPs are sources of unethical/disgusting content (usually it's not too difficult to find spam samples that include filthy concepts describing actions involving certain human organs, animals, young children, etc.), the user then goes back to their ISP to demand that they fix the problem.
Claiming that the blockage of an IP address is a "false positive" is an inaccurate way to explain what's actually happening, and that leaves users with the incorrect impression that blacklists are dysfunctional. Calling it "listing/blocking known sources of spam" is factual, and clearly does not invite the wrong impression, but this is not as easy to say as the word "blacklist."

See also
Copyright © Inter-Corporate Computer & Network Services, Inc. All rights reserved.