|Main Archive Page > Month Archives > spamassassin-dev archives|
I used several years worth of notes to come up with the information
below. It needs more polish and it is my very first rip and shred. I
am also certain that I've missed some great points others have made.
So I am posting this to solicit feedback on this draft so I can then
submit it to the PMC for approval.
Just to be very clear, this is NOT a draft approved by the PMC but it is
based heavily on consensus and many many threads from committee members.
Apache SpamAssassin PMC Criteria for DNSBL Inclusion [DRAFT]
GOAL: To produce an objective criteria for inclusion of DNS-blocklists
(DNSBLs) including free and semi-commercial services that promotes the
ability to include more tests in a manner that is fair to the community
and the service provider.
All services, whether free, commercial or semi-commercial services must
meet this criteria for default inclusion in SpamAssassin's rules:
- May not block queries by returning purposefully wrong answers from
over-quota or abusive IPs.
- The usage policy and any limits or restrictions must be documented and
publicly visible with clearly defined terms. (Terms such as "heavy
load" are not acceptable).
- Should be "free for most" installations.
- May use limits such as DNS query limits per day but may not limit on
the number of users or other arbitrary caps that can't be correlated to
a direct increase in expenses.
- Should use a query response and rule that indicates a system is over
limit. Such response must adds substantial no scoring difference and
link only to a generic DNSBL Block page such as
- Must have an existing or planned infrastructure capable of the
anticipated query load.
- Must give the project permission to include the rules by default.
- Daily query limits that have limited to 100k queries per day have been
- Free access by request to rsync feeds for RBLDNSD is considered
- The addition of new blocklists should be done only in conjunction with
a new major release and should be version encapsulated so that existing
admins can decide to use them if possible in older installations.
- A formal vote in bugzilla is required before a network-based test is
added to a sandbox.
- Blocklists must meet acceptable mass-check scoring critera to be
considered for default inclusion. Testing is mandatory and the higher
the S/O, the better.
- May not have significant reliability issues.
- Must have clear rules and procedures that are followed uniformly for
listings and de-listings.
- May not accept funds to remove/list/delist/expedite or otherwise
non-objectively handle their lists.
- Should use lastexternal or lasttrusted testing unless there is an
overwhelming benefit otherwise.
- May require signing up for an account / mailing list / etc. for the
purpose of notifying Admins of changes and problems.
Semi-commercialized services aka "Free for Some" must meet this
additional criteria for default inclusion in SpamAssassin's rules:
- Must be free for any kind of person or organization to use,
commercial, government, or home user.
- May impose licensing limitations on use as a "anti-spam reseller" or
directly reselling spam filtering services.
- Must not attempt to retroactively bill users that have exceeded any
- May not be a trial or limited time offer.
Services that are completely commercial are not eligible to be enabled
-- *Kevin A. McGrail* President Peregrine Computer Consultants Corporation 3927 Old Lee Highway, Suite 102-C Fairfax, VA 22030-2422 http://www.pccc.com/ 703-359-9700 x50 / 800-823-8402 (Toll-Free) 703-359-8451 (fax) KMcGrail@PCCC.com <mailto:email@example.com>