I think we agree or else there I didn't phrase myself correctly (sorry, not a native english speaker):
1. Using a regex over DNS pattern is a 'proxy' method for using a more trusted method of identifying PBL space. 2. No 'Big' player uses it. 3. 'Big' players are the most performance sensitive out of all mail recipients out there and most targeted by attacks. 4. Deriving from 1+2+3 - Using said regex pattern cannot be reasonably justified by performance considerations. 5. Netease (one of the largest mail services in the world) would have been flagged by it. 6. Deriving from 4+5, the practice attests to lazyness or apathy to false positives by the operator deploying it. Gil On Wed, Jun 15, 2016 at 12:36 PM, Michelle Sullivan <miche...@sorbs.net> wrote: > Gil Bahat via mailop wrote: > >> public PBL registry. Do you see any big recipients >> (gmail/hotmail/yahoo/netease/etc) 'optimizing' by such a regex? >> > > I would also beg to differ if you think at least 3 of those you mention > would use any of the public DNSbls as a sole decision point... Nor would > they use 'such a regex'... even the other massive one that immediately > comes to mind that you didn't mention that does use a DNSbl on the border > as a sole decision point for "quick rejects" doesn't use a Dynamic/Policy > blocklist of any type - despite recommendations by technical experts and > live statistics being taken showing a 25%(ish) efficiency gain with zero > false positives.... all because there is a "chance" of false positives. > > -- > Michelle Sullivan > http://www.mhix.org/ > >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
