On Fri, 19 Feb 2010 18:41:13 -0600 /dev/rob0 <r...@gmx.co.uk> wrote: > Whilst the above sounds a bit like a straw-man argument condemning > other DNSBLs (I'll get to that in a bit), it does bring up a very > important point, which, given the OP's post in the other thread, > needs to be emphasized.
Certain other DNSBL's are notorious for "I listed 12.0.0.0/8 because I don't like AT&T" or have delisting criteria that are punitive against some groups. It is unfortunately impossible to be completely spam free once you start tossing random users into the mix (whether it is an ISP or business, sooner or later some user will install god know what and start spewing ads for all sorts of crap). Poop happens, as the old adage goes: what matters is "has this sewage burst been contained, and are steps being taken so that this particular burst won't repeat itself?" > You should know every list's listing and delisting policies. If those > are not acceptable to you for any reason, it is not safe to use that > DNSBL for blocking of mail. 100% agreed. If you have a toy personal domain (like this one!) use the filters on that one first before you deploy them on a production server. See how they work first. On a production server, it may even be wise to temp-fail for an hour or two as you look for "oh crap, they listed AOL??" type things that will make your users very mad. > Now, the straw man. Perhaps it was not intended, but it sounded like > a veiled criticism of other public DNSBLs. In fact all major DNSBLs > are concerned about their reputations. They don't become a major > DNSBL service by blocking all of 12/8 because AT&T sucks. Right, the key word is 'major'. There is at least one that does block all of net-12. In the Olden Days there were several that liked to run vendettas. "Your ISP hosts spammers, so you are penalized" is not to most people's likings. It breaks far too much legitimate mail. Remember ORBS and such? Monkeys.com? I am wary of using many blacklists because in the past, some started out with what seemed to be good intentions, but morphed as time went along. > Spamhaus got to this position by being careful and conservative. > Consequently, people who desire more aggressive blocking which can > include some "human shields" as "collateral damage" will be a bit > disappointed. But it can easily block 70-95% of your spam. I like Spamhaus, and it is very effective, though they do charge a nontrivial fee for commercial usage that would never get approved around here. Spamhaus is sort of a business (well, NonProfit as I recall), and has a vested interest in the accuracy of their data as well: I didn't mean to imply anything against them.
