ietf

Re: several messages

2008-11-11 12:20:15
> In fact, the people who use these DNSBL blacklists do so only for a
> short time, until they get burned and stop using them.  That's what
> happens routinely with SORBS.

If SORBS is your idea of a best-of-breed DNSBL, I can understand your
scorn.  But it's not.  You want to see a DNSBL done right, go look at,
say, the Spamhaus lists.  Their Zen list is one of the best available,
perhaps even _the_ best, for general-purpose use.

> In the 1990s, I found ORBS and Osirusoft scanning for open relays and
> then abusing them.  I discovered this by setting up open relays,
> logging TCP connections, and submitting the relay to the blacklist.
> After the blacklist scanned the relay, it began getting abuse with no
> further scanning.

How long was it between setup and submitting?  Between submitting and
abuse?  I regularly see attempts to abuse hosts that do not run mailers
and never have; I believe there is malware out there that is basically
trying random - or, occasionally, sequential - addresses to discover
open relays.  While I would be one of the last to defend a DNSBL that
"tests" hosts, I think what you saw is more likely evidence of the
relay being discovered independently than of a feed from the DNSBL to
the spammers.

> But DNSBLs can't solve the problem when spam is sent via botnets.

That's actually true, but not for the reason you imply.  DNSBLs can't
solve the problem _at all_; it's a social level problem and requires a
social level solution.  What DNSBLs do is mitigate the damage so that
we have at least middling-usable email while solutions evolve at the
social level.

Furthermore, you appear to think that all DNSBLs are reactive in
nature.  This is not true; there are at least a few DNSBLs that
proactively list "large indistinguishable pool" addresses.  In at least
one case, the pools are submitted to them by the providers that run the
pools.  Using such a list puts a substantial crimp in direct-to-MX
spamming.

> If the sending site uses a static IP address that stays static long
> enough to be listed in a DNSBL, it probably isn't unsolicited spam.

"Probably"?  What is it you are saying the probability of is high?
(Precision is important; there are reasonably plausible interpretations
of what you wrote that are almost tautological and there are other
reasonably plausible interpretations that are nowhere near true.)

There aren't many addresses, as a fraction of the Internet, that are
statically assigned and send spam.  But the fraction is definitely
nonzero, and they tend to send a lot.  DNSBLs work very well indeed
against those.

DNSBLs are not a magic bullet.  But they are one of the more useful
tools - one of the few that is still useful even with large swaths of
the net using it.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse(_at_)rodents-montreal(_dot_)org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
