ietf-asrg

Re: [Asrg] Re: DNSBL BCP v.2.0

2007-02-15 15:32:14
On 2/15/07, Stephanie Erin Daugherty <stephanie(_at_)ahbl(_dot_)org> wrote:

> One thing that strikes me as missing from the BCP is some guidance on
> usage and implementation in spam filtering and blocking applications.
> In particular, technical guidance regarding whether or not a DNSBL
> actually exists and can be queried. As I am learning from diving back
> in to the thick of DNSBL-related things lately, I see
> - Paul Vixie struggling with DNSBL traffic against rbl.maps.vix.com
> years after the RBL moved away from that FQDN.
> - Other lists randomly vanishing with no warning and continuing to get
> DNSBL traffic for years
> - Blars, for example, vanished in December and now lists the world.
> - LBL (lbl.lagengymnastik.dk) wound down in 2003 but still getting
> hits years later, resorting to listing the world.
> - The occasional ignorant sod who queries something like
> random.dnsbl.maps.com which causes unwanted traffic (and potential
> unwanted mail blocking) from various sites. (You'll note that maps.com
> has a wildcard, for example.)
>
One of the best pieces of advice I can give for this is to put a DNSBL
on a domain specifically registered for the purpose -- while it's
possible to run one within a subdomain, I would recommend strongly
against it; getting rid of the query traffic if you later shut down is
truly next to impossible, and if you have a dedicated domain, it's
easier to kill the nameservers for it than it would be for a domain that
has to remain active even after the DNSBL dies.

I agree that it is probably unwise to use a DNSBL domain for anything
else, or to expect to be able to reclaim it when done with the DNSBL.

The recent shutdown of ORDB makes me suspect that abandoning the
domain after you're done with the DNSBL might not be good enough.
Here's why.

If I'm recalling this correctly, what happened was that ORDB killed
the DNSBL and left the domain configured with no nameservers in place.
This left the queries to die at the .org root level, and it basically
pounded the .org infrastructure flat. One of the folks in charge of
.org reached out to an anti-spam community and was able to reach back
to the blacklist maintainers and some other folks, to come up with a
plan to solve it. But, things definitely sucked for a few days, and
not every situation like this is so quickly resolved. And I assume the
fix simply siphons the traffic off to somebody else's network, instead
of actually stopping it.

So, leaving the domain behind definitely helps the network that
previously hosted the DNSBL, but it could potentially just push gobs
of queries upstairs.

(Some of this detail came from a discussion on a private mailing list;
I got permission from the person behind that discussion to reference
it here. I would also add that this isn't a shot at the ORDB folks;
more than anything it just highlights that there isn't a BCP to handle
these kinds of things.)

Regards,
Al Iverson
--
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
Message copyright 2007 by Al Iverson. For posts to SPAM-L, permission
is granted only to this list's owners to redistribute to their
subscribers and to archive this message on site(s) under their control.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
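
A filter-side check for the failure modes listed in the quoted message (lists that vanish, lists that list the world, and names that sit under a wildcard), as an added example that is not part of the original post. It assumes the common DNSBL convention that 127.0.0.2 is a listed test entry and 127.0.0.1 is never listed; the zone names and the `fake_lookup` resolver are constructed for illustration.

```python
import socket

def system_lookup(name):
    """A records for name via the system resolver; [] on NXDOMAIN or any failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def dnsbl_health(zone, lookup=system_lookup):
    """Classify a DNSBL zone before its answers are used to reject mail."""
    # Assumed convention: 127.0.0.1 is never listed, 127.0.0.2 is a test entry.
    never = lookup("1.0.0.127." + zone)
    test = lookup("2.0.0.127." + zone)
    if never:
        # Everything is "listed": a shut-down list answering for the world,
        # or a wildcard in a parent domain that is not a DNSBL at all.
        if all(a.startswith("127.") for a in never):
            return "lists-the-world"
        return "wildcard-not-a-dnsbl"
    if not test:
        return "dead-or-unreachable"
    if not all(a.startswith("127.") for a in test):
        return "wildcard-not-a-dnsbl"
    return "ok"

def fake_lookup(records, wildcard=None):
    """Constructed stand-in resolver so the example runs offline."""
    return lambda name: records.get(name, [wildcard] if wildcard else [])

# Constructed zones (hypothetical names under .example), one per failure mode.
SAMPLES = {
    "live.dnsbl.example": fake_lookup({"2.0.0.127.live.dnsbl.example": ["127.0.0.2"]}),
    "gone.dnsbl.example": fake_lookup({}),
    "world.dnsbl.example": fake_lookup({}, wildcard="127.0.0.2"),
    "random.parked.example": fake_lookup({}, wildcard="192.0.2.10"),
}

def check_samples():
    return {zone: dnsbl_health(zone, lookup) for zone, lookup in SAMPLES.items()}

if __name__ == "__main__":
    for zone, state in check_samples().items():
        print(f"{zone:24} {state}")
```

A filter would run this check periodically and stop querying any zone that does not come back `ok`, which also removes its share of the leftover traffic described above.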
