Spamcop.net RBL blocking emails by mistake?

[Matt Kettler]

Rob Morin wrote:
> Is it possible to get a false positive back from spamcop.net's RBL ?

As many folks have already said, yes, you WILL get FPs from any RBL.

However, nobody has pointed out that the spamassassin STATISTICS file has
information on FP rates...

According to SA 3.1.0's STATISTICS-set1.txt and set3, RCVD_IN_BL_SPAMCOP_NET has
a S/O of 0.986. This means that 98.6% of messages matching the rule were spam.
It also means that 1.4% were nonspam.

So yes, you'll get false positives, quite frequently in fact.

> 
> I have been getting some complaints about spam being deleted, because it
> is seen as being on spamcop.nets list, so it gets a score of 10 and gets
> deleted....

So, why did you change the score of RCVD_IN_BL_SPAMCOP_NET to be such a huge
value? Did you not understand that the scores that come with SA are based on
tests of real-world email, and should only be changed carefully?

There's a obvious reason why SA 3.1.0 only gave this rule a score under 1.6. It
FPs way too often to be scored higher.

Really, there aren't any rules that come with SA besides GTUBE that are
sufficiently accurate to have a score greater than 6.0. It's almost impossible
to write any rule that has a zero false-positive rate unless it's so specialized
it matches very little mail and is a waste of CPU time.

Even close-to-zero is tough, although several rules in SA do have a S/O of 1.000
(ie: less than 0.1% FP rate). Personally, I'd want to see a rule be more like
0.001% before giving it such a high score, but the SA statistics files don't
track enough significant digits to represent that.

> I checked the IP and it was not listed. Is it possible to be listed at
> 7AM and then removed at 10AM? Plus its a gmail.com account/IP

Yes, spamcop listings are highly dynamic. Sometimes an IP will get listed
because of a flood of complaints, and then quickly get de-listed when it appears
to be owned by a well-behaved network that has terminated the responsible party.