spamassassin-dev December 2011 archive
Main Archive Page > Month Archives  > spamassassin-dev archives
spamassassin-dev: Draft of my submission to the PMC for DNSBL In

Draft of my submission to the PMC for DNSBL Inclusion Criteria

From: Kevin A. McGrail <KMcGrail_at_nospam>
Date: Tue Dec 13 2011 - 21:56:41 GMT
To: SpamAssassin PMC List <>, SA Mailing list <>, SpamAssassin Devel List <>

I used several years worth of notes to come up with the information
below. It needs more polish and it is my very first rip and shred. I
am also certain that I've missed some great points others have made.

So I am posting this to solicit feedback on this draft so I can then
submit it to the PMC for approval.

Just to be very clear, this is NOT a draft approved by the PMC but it is
based heavily on consensus and many many threads from committee members.


Apache SpamAssassin PMC Criteria for DNSBL Inclusion [DRAFT]

GOAL: To produce an objective criteria for inclusion of DNS-blocklists
(DNSBLs) including free and semi-commercial services that promotes the
ability to include more tests in a manner that is fair to the community
and the service provider.

All services, whether free, commercial or semi-commercial services must
meet this criteria for default inclusion in SpamAssassin's rules:
- May not block queries by returning purposefully wrong answers from
over-quota or abusive IPs.
- The usage policy and any limits or restrictions must be documented and
publicly visible with clearly defined terms. (Terms such as "heavy
load" are not acceptable).
- Should be "free for most" installations.
- May use limits such as DNS query limits per day but may not limit on
the number of users or other arbitrary caps that can't be correlated to
a direct increase in expenses.
- Should use a query response and rule that indicates a system is over
limit. Such response must adds substantial no scoring difference and
link only to a generic DNSBL Block page such as
- Must have an existing or planned infrastructure capable of the
anticipated query load.
- Must give the project permission to include the rules by default.
- Daily query limits that have limited to 100k queries per day have been
considered acceptable.
- Free access by request to rsync feeds for RBLDNSD is considered
unlimited access.
- The addition of new blocklists should be done only in conjunction with
a new major release and should be version encapsulated so that existing
admins can decide to use them if possible in older installations.
- A formal vote in bugzilla is required before a network-based test is
added to a sandbox.
- Blocklists must meet acceptable mass-check scoring critera to be
considered for default inclusion. Testing is mandatory and the higher
the S/O, the better.
- May not have significant reliability issues.
- Must have clear rules and procedures that are followed uniformly for
listings and de-listings.
- May not accept funds to remove/list/delist/expedite or otherwise
non-objectively handle their lists.
- Should use lastexternal or lasttrusted testing unless there is an
overwhelming benefit otherwise.
- May require signing up for an account / mailing list / etc. for the
purpose of notifying Admins of changes and problems.

Semi-commercialized services aka "Free for Some" must meet this
additional criteria for default inclusion in SpamAssassin's rules:
- Must be free for any kind of person or organization to use,
commercial, government, or home user.
- May impose licensing limitations on use as a "anti-spam reseller" or
directly reselling spam filtering services.
- Must not attempt to retroactively bill users that have exceeded any
free limits.
- May not be a trial or limited time offer.

Services that are completely commercial are not eligible to be enabled
by default.

-- *Kevin A. McGrail* President Peregrine Computer Consultants Corporation 3927 Old Lee Highway, Suite 102-C Fairfax, VA 22030-2422 703-359-9700 x50 / 800-823-8402 (Toll-Free) 703-359-8451 (fax) <>