Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0
2007-03-02 23:54:59
Bill,
Thank you for the very insightful rebuttal to many of my arguments.
Bill Cole wrote:
At 11:19 PM -0500 3/2/07, Stephanie Erin Daugherty wrote:
I'll agree that its a horrible idea. At one point, a DNSBL could
effectively stop a lot of spam. Now, most DNSBL operators and DNSBL
users have realized that the technology long ago ceased to be useful
in stopping all but the most persistent and long-lived spam sources,
and compromised hosts.
That is not consistent with the evidence I have on hand.
I deal with multiple receiving sites (corporate and microdomain) and
know of none where the CBL fails to reject over 2/3 of all SMTP
connections or has ever had a detectable false positive rate greater
than 1 per million rejections over a period of over a month, with the
false positives coming in very brief episodes (commonly describable as
the consequences of ill-considered NAT designs.) For most sites, the
reject rate is usually in the 75-80%.
My experience has been different, but then I'm not administering mail
for a corporation or major provider either, so my experiences may not
match yours. My own, admittedly non-scientific, findings have been that
the more sophisticated spammers use compromised hosts almost immediately
after they are compromised, or make multiple brute force attempts via
various compromised hosts until they find one that's allowed to connect.
I think that's an appealing story that does not always describe
reality. I know there are some providers who respond to listings, but
there are some who simply don't, and are unimpeded by that for years.
The entity formerly known as UUNet (finally seeming to clean up a bit
since the VZ acquisition,) the 'new' AT&T (i.e. SBC,) Comcast, and
the Chinese Internet oligopoly seem impervious to the supposed
business impact of DNSBL's.
Unfortunately, it doesn't always work, but systematically escalating a
listing after each successive effort to negotiate with a provider has
gotten the attention of some of these large providers in the past.
Unfortunately, this is a big sharp stick that loses it's effectiveness
every time it's used - as many mail administrators will usually locally
white list any major provider that's blocked by a DNSBL they use, or
will stop using a DNSBL that's willing to block major providers.
However, when this is judiciously applied, and coupled with pressure
from the provider's own customers, it can work and has worked, at least
to a degree, but it's a very extreme measure that can only be used in
very extreme circumstances without major loss of a DNSBL's credibility
(and therefore it's effectiveness).
Spews (IANS) was somewhat limited in this regard, because although
they were willing to escalate listings, they had such a reputation for
doing so that most of it's users were hardcore spamfighters anyway, and
not large mail sites.
The UDP worked better when it was applied than anything in email can
because the news network is built on a fundamental building block of
explicit and strictly bilateral agreements to pass traffic. Sites that
have agreements with everyone they accept mail from don't have major
spam problems.
You may have hit the nail on the head here as to why current solutions
aren't working that well, and maybe that's an approach we should strive
for - an email system built on consensual agreements.
--Stephanie
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, (continued)
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, der Mouse
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Seth Breidbart
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Al Iverson
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Stephanie Erin Daugherty
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, gep2
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Chris Lewis
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Al Iverson
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Bill Cole
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Al Iverson
- Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Bill Cole
[Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Bill Cole
Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0, Martin Hannigan
|
|
|