Spamhaus: False positive issue on Friday 10/13

A number of folks have reached out to me (and posted on various forums) asking about a Spamhaus glitch last Friday night (October 13th), US time. I reached out to Matthew Stith at Spamhaus and he was able to confirm for me that there was indeed a temporary issue then that led to a number of accidental/false-positive listings on the Spamhaus "XBL" Exploits Block List.

Matthew confirmed the following:

  • At approximately 1:15 UTC on Saturday, October 14th, there was an unexplained network outage that caused various databases to become unreachable.
  • This resulted in a rule misfiring, leading to a ten-minute period of false positive (FP) listings.
  • The number of FPs caused by this outage was no more than 1,000.
  • As per our policy, these FPs were purged as soon as an engineer was notified.

Matthew added, "There are ongoing investigations regarding the cause of the network outage. However, to prevent a repeat of this issue, various actions are being taken, including the update of rules to avoid a misfire in these circumstances."

Note that 1:15 am UTC Saturday is 8:15 pm US central time on Friday night. Also, given the nature of how DNS can potentially be cached, and the varying ways that the Spamhaus filtering datasets are shared and cached, it seems possible to me that while they found and fixed the error quite quickly, false positive blocking could have lingered for a while.

Thanks very much to Matthew Stith and Spamhaus for clarity and transparency around this recent issue.