[Operators] DNSBLs

Peter Saint-Andre stpeter at stpeter.im
Wed Nov 18 11:15:34 CST 2009


On 11/18/09 9:39 AM, Sean Dilda wrote:
> Norman Rasmussen wrote:
>> I was under the impression the DNS block lists don't work well anymore
>> (too many false positive, not enough true negatives)
> 
> DNS block lists are commonly used by many organizations and large
> companies.  Often they're used as one of several factors in deciding if
> the email received is spam.

How is your DNSBL built? What are the inputs? How does the operator of
an XMPP service find out if their domain or IP address is listed? Do you
return a particular stream error to entities that are on the DNSBL? How
does a service remove itself from the list? Where is the list maintained
and by whom? How does someone access the list? What if the machine on
which the DNSBL is located gets hacked? Does this introduce a single
point of failure or attack for the XMPP network?

I have many questions. :)

>> XMPP validates the sending server via tls and/or dns (dial-back), so
>> it removes many of the unauthenticated problems of SMTP.  XMPP are
>> also working on allowing servers to inter-operate (XEP-0158, XEP-0159
>> and XEP-0161) to help block clients clients that are spamming.
> 
> XEP-0158 doesn't help an individual account (or rogue jabber server)
> sending out spam to users instead of chat rooms.

Correct.

> XEP-0159 and XEP-0161 are listed as deferred and not to be implemented.
>  Do they really count for this conversation?

XEP-0159 does not.

XEP-0161 does not, but it has been superseded by XEP-0268, so I shall
add a note about that to XEP-0161.

Personally I would prefer a decentralized technology like XEP-0268 to a
centralized DNSBL. But I'd like to find out more about the DNSBL used by
jabber.ru before making any definitive judgments.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20091118/e4ed02ee/attachment.bin>


More information about the Operators mailing list