Archive

Articles taggués ‘false positives’

For Trend Micro the Internet is full of spammers …

We are having since recently more and more problems when sending e-mail to users having a Trend Micro product installed, especially one with a RBL service.

The error you can see is more or less this one :

<recipient@domain.com>: host mail.domain.com[xx.xx.xx.xx] refused to talk to me: 550 Service unavailable; Client host [your.ip] blocked using Trend
Micro RBL+.Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=your.ip

This is a rather « usual » RBL reject message and we are using similar techniques but with a major difference : we carefully choose the lists according to the weighted false positive/spam ratio !

We asked Trend Micro to remove many many addresses that were listed in fact all on their DUL list (that should by its name only list Dynamic IP addresses). They simply listed a major part of the Internet in this list waiting for ISP to themselves take time to ask Trend Micro to remove the IP ranges.

It makes me laugh a lot since ISP have no care at all of one severely flawed service provider and it’s not their business to spend time doing this ; they have much more important things to do on the networks…

Trend Micro administrators seem to not be able to simply read a WHOIS record, we showed them many that clearly stated « static pool » or « statically allocated PA » but they were not able to understand (a 4 year-old English reading kid would do better …)

My conclusion is very simple : do not use Trend Micro products at all ! Their RBL are completely flawed with false positives (so they remain useless) and since their technical team doesn’t want to check « manually » when we gently ask for removal, you should avoid anything they do ! (Actually, to me, this kind of refusal to do something that is their business shows clearly how they respect their customers and manage their services …)

And even if some major companies seem to still use their products, you’ll see very soon that either Trend Micro will handle requests correctly and politely or otherwise they will not sell any of their RBL/DUL/RBL+ embedded product anymore. If you are one of their customer, you should contact them about this problem to show your interest of being able to receive legitimate e-mails …
By the way, for administrators paying only for access to their RBL+ service you really should try other free and more efficient RBLs, like zen.spamhaus.org. This one is much much better !