On Mon, Apr 03, 2006 at 10:51:24AM +1000, Laird Breyer wrote
Yes, and you're appreciated for it. But if the answer is easy enough
to dismiss it won't stop the next person from deeming dnsbls harmful
yet again. There's a lot of folklore and crap on the net, and that's
the environment in which opinions are formed. The ASRG doesn't have
the luxury of dismissing ideas from the (valuable) experience of its
members only.
Maybe the only permanent answer is to...
- *not* deny that there may be *SOME* harm from DNSBLs
- but show that there is *MORE* harm in *NOT* using them
In Chris' case...
- how many messages do his sytems reject per day?
- how much additional DASD farm would be required to store the
messages that wouldn't be rejected?
- how much additional CPU power would be required to crunch those
no-longer-rejected messages through Church's pet filters?
- how much additional air-conditioned and fully-powered computer rack
space would Chris' employer have to rent or buy+maintain to house
the additional storage+servers required in the 2 previous points?
- how much would it cost to pay for additional salary and benefits,
and office-cubicle space, and desktop PCs that would be required for
the extra employees to maintain+operate the extra storage+servers
identified above?
And furthermore, remember that in the case of a false-positive...
- a DNSBL will send a 5XX reject to a legitimate sender's MTA, which
will notify the sender of the reject.
- a content-filter will bury the email in a "spam folder" with
thousands of real spam, where it'll probably never be found. The
sender will believe that the intended recipient has received the
message and ignored it, while the intended recipient will believe
that the sender hasn't sent the message.
--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg