[Operators] DNSBLs

Sean Dilda sean at duke.edu
Wed Nov 18 19:54:26 CST 2009


Peter Saint-Andre wrote:
> On 11/18/09 9:39 AM, Sean Dilda wrote:
>> Norman Rasmussen wrote:
>>> I was under the impression the DNS block lists don't work well anymore
>>> (too many false positives, not enough true negatives)
>> DNS block lists are commonly used by many organizations and large
>> companies.  Often they're used as one of several factors in deciding if
>> the email received is spam.
> 
> How is your DNSBL built? What are the inputs? How does the operator of
> an XMPP service find out if their domain or IP address is listed? Do you
> return a particular stream error to entities that are on the DNSBL? How
> does a service remove itself from the list? Where is the list maintained
> and by whom? How does someone access the list? What if the machine on
> which the DNSBL is located gets hacked? Does this introduce a single
> point of failure or attack for the XMPP network?
> 
> I have many questions. :)

Peter, who was that directed at? You responded to my post, but it 
sounds like you're asking about Evgeniy Khramtsov's implementation for 
jabber.ru.

However, I will give input on the last few and my thoughts on how it 
*should* be done.  In the email world there are several independent 
organizations which host dnsbls.  Each one has their own standards for 
identifying a spamming site and their own policies for removal, etc. 
Some are known to be very quick to add a site and thus result in many 
false positives, whereas others are more conservative as to what sites 
they add.  As such, each site admin is able to choose which dnsbls they 
wish to listen to and how much weight to put on each DNSBL's data.
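
The per-list weighting described in the last paragraph, as an added example that is not part of the original message: each list that returns a hit contributes a locally chosen weight, and the peer is refused only when the total crosses a threshold. The zone names, weights, threshold and the offline resolver data are constructed assumptions.

```python
import ipaddress
import socket

# Hypothetical zones and weights (constructed for illustration, not real lists).
WEIGHTED_ZONES = {
    "aggressive.dnsbl.example": 1.0,    # quick to list, more false positives
    "conservative.dnsbl.example": 3.0,  # slower to list, so weighted higher
}
REJECT_THRESHOLD = 3.0  # assumed local policy value
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Reversed IPv4 octets (or IPv6 nibbles) prepended to the list's zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer  # e.g. 2.2.0.192.in-addr.arpa
    return pointer.rsplit(".", 2)[0] + "." + zone


def system_resolver(name):
    """True only if the name resolves into 127.0.0.0/8, the usual 'listed' answer."""
    try:
        answer = ipaddress.ip_address(socket.gethostbyname(name))
    except (OSError, ValueError):
        return False  # NXDOMAIN or an unreachable list counts as "not listed"
    return answer in LISTED_NET


def score_peer(ip, resolver=system_resolver, zones=WEIGHTED_ZONES):
    """Return (total weight, zones that listed the address)."""
    hits = [z for z in zones if resolver(dnsbl_query_name(ip, z))]
    return sum(zones[z] for z in hits), hits


def decide(ip, resolver=system_resolver):
    """Apply the local threshold to the combined score."""
    score, hits = score_peer(ip, resolver)
    return ("reject" if score >= REJECT_THRESHOLD else "accept"), score, hits


# Constructed stand-in for DNS answers so the example runs offline.
FAKE_LISTINGS = {
    "2.2.0.192.aggressive.dnsbl.example",
    "7.113.0.203.aggressive.dnsbl.example",
    "7.113.0.203.conservative.dnsbl.example",
}


def fake_resolver(name):
    return name in FAKE_LISTINGS


if __name__ == "__main__":
    for ip in ("192.0.2.2", "203.0.113.7", "198.51.100.9"):
        print(ip, decide(ip, fake_resolver))
```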

