> It differs because I am saying they *should* remain listed forever. False positives are far worse than false negatives for businesses. Some blacklists do not tolerate a FP of more than 1%.

Blacklists are behind the line as they don't fight zero-hour attacks, and the only reason why blacklists are appeasing is really their low FP rate. This is why Google made a blacklist to fight phish and malware --- Google wanted FP that is well below 1% (0.04% IIRC). A blacklist with high FP, such as SORBS, is no use. We'd better use heuristics, at least we can fight zero hour attacks with <= FP rate. My 0.02.

--- Mahmoud Khonji