spamassassin-users December 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: DNS{B,W}Ls and blocking (was Re: DNSWL w

Re: DNS{B,W}Ls and blocking (was Re: DNSWL will be disabled by default as of tomorrow)

From: Kevin A. McGrail <KMcGrail_at_nospam>
Date: Tue Dec 13 2011 - 15:18:19 GMT
To: "David F. Skoll" <>

On 12/13/2011 9:21 AM, David F. Skoll wrote:
> I think we need an informational RFC that specifies best-practices for
> a DNS{B,W}L to inform clients that they have been blocked.
> For example, a testpoint like:
> could return an A record for name servers that are blocked and NXDOMAIN
> for others. This might even work out-of-the-box for some existing lists
> that return an A record for any query (or it may not, if they expect
> a reverse-dotted-quad.)
> It could even return a TXT record giving the reason for the block.
> Anyway, assuming this idea is widely-accepted (hahaha!), it would be pretty
> easy to make something that periodically tests your list of DNSBLs and
> disables those that are blocking your query.
This was mentioned as a possibility and it's a good idea.

But from SA's perspective, though, it means that it requires code. And
the big issue is NOT the delays. The big issue is the purposefully wrong

The code-requirement for a fix means that this new policy is delayed at
least 6 months after a major release for SA based on So if we miss this
code getting into 3.4.0, that means it waits until 3.5.0 (or 4.0.0) + 6
months. If someone wants to submit code to actually do it, that'd be
great. But it's a got a delay before it matters either way.

I've opened a ticket towards an
immediate solution.