SORBS on autopilot?

Brian Keefer chort at smtps.net
Tue Jan 12 18:48:31 UTC 2010


On Jan 12, 2010, at 10:31 AM, Jed Smith wrote:
> 
> Given the first few replies I received, allow me to clarify, now that I've
> ... apparently angered the anti-spam crowd:
> 

I wouldn't say that necessarily accurate.  I could be considered part of the "anti-spam crowd", seeing as that's my line of work.

I think DULs are a really dumb way to block spam.  Making a binary decision off of information that's wrong as often as it's right it's a great way to create collateral damage and just generally cause more headaches for everyone.  Sure, you could take PTR content into account as _part_ of your decision on how to treat incoming e-mail (or connections, for that matter), but it should never be the _whole_ decision.

Keeping track of observed behavior is much more indicative of whether an IP is going to send you spam than just assuming all IPs are dynamic until proven otherwise (through some laborious 12-step process, possibly including bribes^H^H^H^H^H^Hdonations).  There are several enterprise-class, best-of-breed vendors using the former technique rather than the latter.  I think you'll find it's low-end, unsophisticated outfits who use the latter method.

Yes PTRs should be more accurate and informative, but very often the people standing up mail servers aren't the people who have control over the DNS and barely even understand how it works.  Many organizations who have access to directly edit their forward zones don't have that kind of access to their reverse zones and find updating that information to be somewhat of an arcane process.

DNS should really be taught in schools.

--
bk



More information about the NANOG mailing list