> On Oct 2, 2018, at 13:49, Bill Cole <sausers-20150...@billmail.scconsult.com> > wrote: > > On 2 Oct 2018, at 13:39, Matus UHLAR - fantomas wrote: > >>> On 2 Oct 2018, at 9:36, Rob McEwen wrote: >>>> SIDE NOTE: I don't think there was any domain my message that was >>>> blacklisted on URIBL - so I can't explain the "URIBL_BLOCKED", but that >>>> only scored 0.001, so that was innocuous. I suspect that that rule is >>>> malfunctioning on their end, and then they changed the score to .001 - so >>>> just please ignore that for the purpose of this discussion. >> >> On 02.10.18 11:48, Bill Cole wrote: >>> No, "URIBL_BLOCKED" means that the URIBL DNS returned a value that is >>> supposed to be a message to a mail admin that they are using URIBL wrong >> >>> A mail filtering system that gets URIBL_BLOCKED hits is broken. A mail >>> filtering system that gets them chronically is mismanaged. >> >> Nonsense. There is no such implication here. While URIBL_BLOCKED may and >> most of the time apparently does mean that system uses DNS server shared >> with too many clients, any system that receives and checks too much mail may >> get URIBL_BLOCKED just because they have crossed the limit, withous using it >> wrong or being broken. > > Operating a system in a manner which chronically crosses that limit is > abusive. > > The DNS reply that results in URIBL_BLOCKED is not "free" for the URIBL > operators and depending on their software may be as expensive as sending a > real reply. It has the advantage over simply dropping abusive queries that it > does not impose timeout delays on abusive queriers and sends a clear signal > that can and should be acted upon.
The DNSBL operator can also choose to use a frontend firewall/router/etc system to redirect the queries to a dedicated server which can reduce the packet per second rate that the authoritative DNS servers need to cope with. Abusive queries can almost definitely be handled much faster by a small/dedicated server that does nothing but return one single wild carded response, reducing the impact that abusive users can have on the primary infrastructure.
