On Thursday, January 19, 2006, 6:50:32 PM, Dave wrote: DK> My bet is that either OB or WS trees of SURBL are the culprit. I've seen DK> false postives from them before. Can your bot isolate the subs of the multi DK> lookup and only use the more reliable ones like JP, SC, etc?
I'm not sure about that. I'll have to check. It's an interesting theory. We have had some odd FPs like this before, but never in any great numbers. DK> Also, these DK> are dynamic services and can change at any time... Sometimes in minutes. DK> What does your software do in terms of caching those results? We keep them until they either fall off the map due to no hits or they are removed for false positives. We've felt reasonably good about that up 'till now given that we generally get to review the rules that are coded, and that it's hard for them to get into the rulebase -- it takes much more than just being in SURBL to get in, so we're only coding a subset of the matches that hit clean spamtraps. -- again, in theory... The plan now is to rebuild the bots from scratch once we get the time in our development schedule for that work. In the mean time, we'll be looking for possible explanations for what happened. ... keep in mind that SORBS tests went crazy at precisely the same moment. The chances of that coincidence is pretty small. None the less, at this point all theories are welcome... One other piece of data is that the resolvers in question have been running at nearly 100%... it is possible that under these conditions they produced bad results, or perhaps produced some anomaly that caused the results to be interpreted incorrectly - for example, as pointed out in the pearl:DNS bug that was recently brought to my attention, result packets might have been delivered out of order or perhaps having some other unusual condition that caused the problems. Resolving that for sure would require some lab time we're not going to spend right now, but it does allow us to think about some things to test on the new bots before pressing them into service. Thanks, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
