[Operators] DNSBLs

Peter Saint-Andre stpeter at stpeter.im
Wed Nov 18 21:01:41 CST 2009 

On 11/18/09 6:54 PM, Sean Dilda wrote:
> Peter Saint-Andre wrote:
>> On 11/18/09 9:39 AM, Sean Dilda wrote:
>>> Norman Rasmussen wrote:
>>>> I was under the impression the DNS block lists don't work well anymore
>>>> (too many false positive, not enough true negatives)
>>> DNS block lists are commonly used by many organizations and large
>>> companies.  Often they're used as one of several factors in deciding if
>>> the email received is spam.
>>
>> How is your DNSBL built? What are the inputs? How does the operator of
>> an XMPP service find out if their domain or IP address is listed? Do you
>> return a particular stream error to entities that are on the DNSBL? How
>> does a service remove itself from the list? Where is the list maintained
>> and by whom? How does someone access the list? What if the machine on
>> which the DNSBL is located gets hacked? Does this introduce a single
>> point of failure or attack for the XMPP network?
>>
>> I have many questions. :)
> 
> Peter,  Who was that directed at?   You responded to my post, but it
> sounds like you're asking about Evgeniy Khramtsov's implementation for
> jabber.ru.

Indeed, I was curious about the jabber.ru deployment. I just happened to
reply to the most convenient message. :)

> However, I will give input on the last few and my thoughts on how it
> *should* be done.  In the email world there are several independent
> organizations which host dnsbls.  Each one has their own standards for
> identifying a spamming site and their own policies for removal, etc.
> Some are known to be very quick to add a site and thus result in many
> false positives, whereas others are more conservative as to what sites
> they add.  As such, each site admin is able to choose which dnsbls they
> wish to listen to and how much weight to put on each DNSBLs data.

Well, at least that reduces my concern about a single point of failure
and attack...

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20091118/19a84ca4/attachment.bin>

More information about the Operators mailing list