Quarantine Policy

Our general policy is to list IP addresses for a period of 30 days from the last spam received. We make some limited exceptions for ISPs and hosting providers which are detailed in our DNSBL Listing & Removal Policy. From time to time, we make other exceptions — when reasonably warranted. When spam is excessive or recurring, we will also occasionally lengthen the quarantine period.

It should be noted that the majority of non-dynamic removal requests come from networks with exploited machines. The pattern of spam makes them easy to spot. Often, the administrator will assert “We never send spam” which suggests that they are not even aware that they have an infected system. Sometimes, the administrator will indicate that they found and removed a virus when, in fact, we received additional spam moments prior to the removal request. We are not trying to punish people for their lapses in security. In contrast, we are trying to provide a reasonable period of time to ensure that a system is clean and has been kept clean. Moreover, we are providing an incentive to prioritize network security since a failure to do so infringes on the rights of other people not to receive spam from compromised machines.

The alternative is to charge people for removal with the proceeds going to charity. Aside from the additional time required for administration, the primary concern is that this approach may create a burden for smaller companies where the person responsible for network security might not have discretion over the expenditure of company funds. The quarantine approach seems far more economically neutral. For the record, people are constantly offering to throw money at us. We're not interested. Don't embarrass yourself by attempting to do so.