Truncate
More Information
Truncate is very conservative. On most systems it can be safely used to reject connections!
The truncate zone is: truncate.gbudb.net
Q: What is returned for a bad IP?
A: 127.0.0.2
Q: What IPs are listed in truncate?
A: Message sources that produce exclusively (> 95%) spam and malware as seen by the worldwide network of Message Sniffer scanning engines.
Q: How accurate is it?
A: Pretty good. Emerging threats are often detected more quickly on Truncate than other lists, but Truncate isn't designed to catch everything. It has a short memory. It's also extremely good at avoiding false positives because Message Sniffer has an extremely low false positive rate and Truncate only skims a tiny fraction of that data. Don't take our word for it though (we don't). We keep an eye on Truncate using third party tools like this one:
Q: How do I submit IPs for truncate?
A: You cannot. IPs are listed in truncate automatically based on data from GBUdb.
Q: What is GBUdb?
A: GBUdb is a real-time, collaborative IP reputation system that is built into Message Sniffer.
Q: But, it comes from a database right?
A: No. The GBUdb nodes inside of Message Sniffer exchange data about IP activity as part of a colaborative machine learning process. The Truncate robot listens in on those conversations and posts a carefully selected part of it in near-real-time.
Q: How do I get an IP removed from truncate?
A: You cannot. IPs are removed automatically when the statistics change. If a system stops sending bad messages it's IP will be removed automatically.
Q: Can I pay to get off of Truncate? Seriously, how much?
A: NO!
Q: Do I need to use Message Sniffer to get / stay off of Truncate?
A: No! We do recommend that you use some kind of outbound message scanning to detect and prevent abuse. Message Sniffer is an excellent choice but you could use any tool you wish. For example, Spam Assassin is ubiquitous and free.
Q: I fixed the problem. How long does it take for an IP to be removed from truncate?
A: If the event was severe and a lot of bad messages were detected then it can take a week or more for the statistics to degrade enough for the IP to be removed. If the event was smaller then it might take only a couple of days. This assumes that no "good" messages are detected to offset these statistics. If good messages are detected from an IP by a system running Message Sniffer then the statistics will be offset much more quickly.
Q: Do you provide or recommend any tools to resolve or prevent truncate listings?
A: Upon request we may be able to put a trace on the IP to monitor GBUdb events. If GBUdb nodes are still "discussing" the IP then we can provide you with statistical data about these events along with UTC timestamps to help you track down the source of the problem. Beyond that we can recommend that you use Message Sniffer to protect your system from inbound spam and malware that might infect your customers or be forwarded by them; and also possibly for outbound message scanning to prevent abusive messages from escaping your system.