Just chiming in here a little. False positives is to be expected in any spam filtering system. Even commercial systems which cost thousands of dollars have false positives. The false positive rate produced here is actually quite low and commendable. IMHO, One of the reason the issue gets more attention is because there is a lag time (due to sync and download from mirrors) from the time the false positive is reported and when they are removed and rolled out on the next update. Compared to your traditional DNS bases SURBLs which have near realtime updates. So while false positives do occur in surbls, etc they have an advantage of correcting the FP in realtime. I feel that with time and usage and as the URL based signatures mature ,the false positives rate would drop. In the meantime perhaps we can look into a more structured way of reporting FPs so that these could be looked into more quickly. In addition, Perhaps one way would be to include the unconfirmed /probable false positives in a local.ign file which would be downloaded together with the sigs Cheers