Hi,
I am a graduate student at the University of Southern California and am currently researching on the impact of false positives in blacklists. I am aware that spamassassin uses blacklists in its rule based system to stop spam messages. But since it is a rule based system, even if there are false positives in blacklists, there may be other rules which can influence spamassassin to mark it correctly. There are several other blacklists which are used to stop different attacks (eg phishing, DDoS, malware hosting etc). I was wondering if operators in general use external blacklists(uribl, spamhaus, spamcop etc) in the form of rule based system (like spamassassin) or use it outrightly to block all IPs listed in them. It will be great if you can take this four question survey, which can help me understand the usage of blacklists by operators. The survey consists of these questions - 1) The size of the network(s) you manage(in terms of customers) 2) List of external blacklists used. 3) How these blacklists are used? whether in a rule based system or outrightly blocked or both 4) If external blacklists are used in a non-rule based system, how do you overcome false positives? The link to the survey is below - https://docs.google.com/forms/d/e/1FAIpQLSe-hgYD-ifkFMyPHrqYL0b7jAkbWjOKiAQjh-oI4mYeiVQg2g/viewform Shivram
