[Operators] DNSBLs

Jesse Thompson jesse.thompson at doit.wisc.edu
Wed Nov 25 12:04:09 CST 2009


Norman Rasmussen wrote:
> I was under the impression the DNS block lists don't work well anymore 
> (too many false positive, not enough true negatives)

Not true in terms of volume, but true in terms of the "quality" of the 
spam that is caught.  DNSBLs prevent 80-90% of our total email volume 
via greylisting and blacklisting.  They are also used as part of the 
spam classification heuristics for the spam that makes it through.

The spammers will try to use the easiest methods first.  So, if it is 
easy to set up a s2s spamming XMPP server, they will exploit this avenue 
until good XMPP DNSBLs are installed on the majority of services.


> XMPP validates the sending server via tls and/or dns (dial-back), so it 
> removes many of the unauthenticated problems of SMTP.  XMPP are also 
> working on allowing servers to inter-operate (XEP-0158, XEP-0159 and 
> XEP-0161) to help block clients clients that are spamming.

SPF and DKIM do not prevent spam email.  Domain authentication will 
allow you to whitelist.  Which is moderately helpful in preventing spam. 
  At best.

The unfortunate side effect of successful identification of 
untrustworthy domains is that the spammers shift their focus on 
compromising trustworthy domains.  They sign up for freemail accounts, 
and they phish for user credentials.

Jesse


> 
> On Sat, Nov 14, 2009 at 10:55 AM, Evgeniy Khramtsov <xramtsov at gmail.com 
> <mailto:xramtsov at gmail.com>> wrote:
> 
>     JFYI, DNSxL draft is in IETF Last Call -
>     http://wiki.asrg.sp.am/wiki/Description_of_DNSBLs
>     What do you think about XMPP-server implementations? Does that make
>     sense?
> 
>     -- 
>     Regards,
>     Evgeniy Khramtsov, ProcessOne.
>     xmpp:xram at jabber.ru <mailto:xmpp%3Axram at jabber.ru>.
> 
> 
> 
> 
> -- 
> - Norman Rasmussen
> - Email: norman at rasmussen.co.za <mailto:norman at rasmussen.co.za>
> - Home page: http://norman.rasmussen.co.za/

-- 
   Jesse Thompson
   Division of Information Technology, University of Wisconsin-Madison
   Email/IM: jesse.thompson at doit.wisc.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3317 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20091125/5f57f111/attachment.bin>


More information about the Operators mailing list