At 3:57 PM -0400 2003/08/12, Chris Lewis wrote:
> We know _exactly_ how each of the DNSBLs we're using work - their
> effectiveness ratings, FP ratings, because we see and measure all of it.
Not true. You know how the first one in your list is operating,
at least to the level of rejections that result from it, and then
complaints that come when those rejections appear to be
inaccurate.
You don't know how the next one would have done, if the first one
hadn't blocked that message. You don't know how many false negatives
made it through. And of the positives, you don't really know how
many are true and how many are false.
You would have to look up each address in all black lists (noting
both hits and misses, as well as the time of the lookup) before
making your decision, and you would have to use other means to
investigate the negatives that make it through the system and re-look
them up again at various recurring periods in time (to see if they
were added to the list after the message got through your system).
Then you would have to track which black lists result in the most
positive hits with the lowest false negative and false positive
ratios.
In other words, you'd have to look up every single address that
ever contacts your mail server (including ones that may get rejected
for other reasons before they would normally hit the black list
checks), in all black lists, re-query on a periodic basis, and track
all hits and all misses for all IP addresses, ad infinitum.
I'm pretty sure you don't do that. I've made an attempt at doing
that for ntp.org, at least in terms of ordering the black lists that
we do use.
> There are a number of "ratings" services already that can help
> with the initial choice.
Really? Where are they? I'd like to make use of them....
> [We have a DNSBL BCP which I should publish soon.]
I look forward to seeing it.
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
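
The measurement described in the message above (query every list for every address, log hits and misses with a timestamp, re-query later, then compare the lists) as an added example that is not part of the original post. The zone names, sample IPs and ground-truth table are constructed, and the ground truth is assumed to come from separate investigation.

```python
import ipaddress
import socket
import time
from collections import defaultdict

def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: reversed octets, then the zone."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def dns_listed(name):
    """Live lookup: an A record means listed. Simplification: any resolver
    failure (NXDOMAIN or timeout) is recorded as a miss."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def survey(ips, zones, listed=dns_listed, now=time.time):
    """Query every zone for every IP (no short-circuit), logging hits and misses."""
    return [{"ts": now(), "ip": ip, "zone": z, "hit": listed(dnsbl_name(ip, z))}
            for ip in ips for z in zones]

def score(log, truth):
    """Per-zone tp/fp/fn/tn against ground truth established by other means
    (truth[ip] is True for a spam source). The latest lookup per (ip, zone)
    wins, so a periodic re-query picks up listings added after delivery."""
    latest = {}
    for r in sorted(log, key=lambda r: r["ts"]):
        latest[(r["ip"], r["zone"])] = r["hit"]
    stats = defaultdict(lambda: dict(tp=0, fp=0, fn=0, tn=0))
    for (ip, zone), hit in latest.items():
        stats[zone][("tp" if hit else "fn") if truth[ip] else ("fp" if hit else "tn")] += 1
    return dict(stats)

def first_match_credit(log, zones):
    """Rejections each zone is credited with when checks stop at the first hit."""
    hits = {(r["ip"], r["zone"]) for r in log if r["hit"]}
    credit = dict.fromkeys(zones, 0)
    for ip in {r["ip"] for r in log}:
        first = next((z for z in zones if (ip, z) in hits), None)
        if first:
            credit[first] += 1
    return credit

# Constructed sample data: documentation-range IPs and made-up zones.
ZONES = ["bl-a.example", "bl-b.example"]
TRUTH = {"192.0.2.10": True, "192.0.2.11": True, "198.51.100.7": False}
LISTED = {"10.2.0.192.bl-a.example", "10.2.0.192.bl-b.example",
          "7.100.51.198.bl-a.example"}
```

Passing `listed=LISTED.__contains__` to `survey` runs it offline against the constructed listings; with the default resolver it performs live DNS queries.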