spamassassin-users December 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: DNSWL will be disabled by default as of

Re: DNSWL will be disabled by default as of tomorrow

From: Kevin A. McGrail <KMcGrail_at_nospam>
Date: Mon Dec 12 2011 - 18:53:51 GMT
To: Daniel McDonald <dan.mcdonald@austinenergy.com>

On 12/12/2011 1:35 PM, Daniel McDonald wrote:
> Can I ask you a fairly blunt question?
>
> What action could they have taken that would have caused you to notice that
> you were engaging in abusive miss-use of their service by continuing to
> forward your requests through google?
>
> I'm quite serious. DNSBLs have this problem of never being able to get rid
> of the queries from sources that appear to be abusive. What can be done so
> that a part-time admin will take notice and fix their equipment? A log
> message? Special header in every e-mail? Change the subject line to "you
> have Spamassassin integrated wrong!"? Or a visit from Guido and some of the
> boys, trying to make an offer you can't refuse?
>
> In this case, they moved you to action by causing your customers some grief.
> That made you look into the issue, get guidance that you really need to run
> a local recursive caching DNS server in order to get clear answers from
> DNSBLs, and then I imagine you fixed the problem. How else could they have
> let you know?
There is nothing an RBL admin can do to guarantee access to the admin of
a downstream server. The use of DNS is purposefully done to provide a
distributed network and purposefully giving wrong answers is DNS poisoning.

If you choose to run an RBL, you have to know you might need to
blackhole requests from people that don't follow the access rules.
Sending an incorrect answer to get someone's attention is akin to firing
a few rounds through a window to get the attention of the window cleaner.

However, I would love to see RBLs get together and come up with a
specific "this is a "non-answer" answer" that can be programatically
used. However, realize that many RBLs are designed to be implemented in
FAR simpler situations than SA that can only deal with yes/no.

Regards,
KAM