-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan Oetting wrote:
No one is forced to use any DNS block list. Therefor, any harmful
effects of the DNSBL can only be because they are the best alternative
currently available. The response I would prefer to see is the building
of a better block list system to address any shortcomings of the
current DNSBL systems.
One particular issue brought up in the draft is that the current block
lists don't adequately deal with bot-nets. If the block list could
respond fast enough, each individual bot could be blocked before it
could deliver a substantial amount of spam. And if used in conjunction
with grey listing the entire spam run could be stopped without inducing
collateral damage.
I don't think a remark like that in the Church draft belongs in a BCP.
Furthermore, define "adequately" ;-)
Be that as that may, before taking it seriously, you do have to verify it.
The CBL's reaction time, for example, seems to have improved greatly of
late, and the CBL's particular forte is bots. Coupled with greylisting,
that should catch just about everything, including that sent before the
CBL notices the IP. So, we already have what you suggest.
Given that here the CBL alone is responsible for approximately 80% of
our blocking (others variously report from 60-85%), and approximately
only 3% of _all_ spam gets through (the remainder are caught by our
other mechanisms, some DNSBL, some content), I don't think it can be
said that blocklists in general aren't dealing reasonably well with
bots. Not with perfection - nothing is. But pretty darn good.
Is that "adequate"? Perhaps. Perhaps not. But it's certainly better
than any of the alternatives.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows 2000)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQCVAwUBRCl5v53FmCyJjHfhAQIw1QP+PDQlw1+WrhNWQPcHmYZnRSaDHK0ssWDX
erlfeYe+nXER8AvnR6O7z2l2iEjmGTL01k3KRO2VGesNfqzwV/gIqplr2DoxR1ec
lzf6bq427YDbx2F9yF87VMaaqir86yItMdsjCjZrPaQHtrT0lvVbTuL7VWQuZWm4
XgEGG7Pt854=
=N+Po
-----END PGP SIGNATURE-----
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg