On 6/27/2011 5:43 PM, Blaine Fleming wrote:
On 6/27/2011 3:26 PM, Warren Togami Jr. wrote:
http://www.spamtips.org/2011/06/emergency-sem-rules-mistaken-enabled.html
And now it is back again, except as T_ rules, which is just as bad
because it is causing an unexpected flood of DNS traffic to SEM.
We need an emergency rule update to stop this flood, then to investigate
why our auto-rule promotion code is still broken.
The auto-blacklisting policy for excessive abusers was disabled the
second I suspected the rules were pushed out again and won't be turned
back on for another few weeks.
Thanks. Theoretically, they will only get a +/- of a negligible amount
since the rules properly were flagged as test rules so your reaction is
much appreciated.
The public servers have no problem
absorbing this increase in query volume.
Excellent. In that case, we can let the normal updates run their course
and I appreciate you bringing this to our attention. We'll get it fixed
and likely sacrifice another intern to the Spam gods to appease you. Good?
I'm more concerned about end
users doing the right thing with automatic updates suddenly seeing a
spike in their outgoing DNS traffic to a service they never agreed to
use.
It will be resolved in about 24 hours when the next auto update goes out.
I personally feel that SA should not have any blacklist rules
enabled by default though so that has a lot of impact on my concern with
all this.
We'll agree to disagree but I do understand your point of view. To me,
fighting spam is 33% content analysis, 33% pathway analysis and 33%
distributed analysis like RBLs.
I appreciate the prompt response with this whole thing and please let me
know if there is anything I can do to help.
You've been great just letting us know you saw the issue. Appreciate
very much your understanding!
Regards,
KAM