On Oct 19, 2011, at 10:24 AM, Derek J. Balling wrote:
> > , based on data that is often irrelevant, without any accountability?
>
> You're right. In fact, to be honest, we should definitely just do without DNS
> entirely. Because DNS data itself is often irrelevant, out of date, with no
> real accountability towards getting it corrected.
DNS is often out of sync with reality, but generally there is some
accountability. Presumably the owner of domain foo.com has an interest in
making sure that foo.com's RRs are correct and up-to-date, and will hire
someone to maintain the foo.com zone who can see to that.
But as you point out, DNS often works poorly even for zones that have a direct
interest in being correct and up-to-date. DNS RBLs are at least two steps
worse than that: (1) they make assertions about other parties without any
accountability to those parties, and (2) even assuming that DNS is perfectly
up-to-date, an IP address is a poor indicator of whether a message sourced from
that address is likely to be spam (and getting worse all the time with the
introduction of LSNs).