On Sat, 12 Aug 2006 17:11:34 -0700 (PDT), "John D. Hardin" <[EMAIL PROTECTED]> opined: > On Sat, 12 Aug 2006, John Rudd wrote: > > > If someone does make a Registrar RBL and a Name Server RBL (both > > of which are good ideas), _PLEASE_ do something like this: > > > > a) have two lists for each RBL, one which has the above "kill the > > bystanders" point of view, and one which is much more conservative > > in its listing policies. > > By listing policies I suppose you mean how offensive a registrar has > to be to be put on the list. Can anyone suggest guidelines to use to > make this decision? > > > b) have an RBL which returns different values for different > > confidence levels. Something like a percentage of known spammers > > are on that specific provider. So, if a registrar is 60% spammers > > and 40% bystanders, it will return "60"... and I can choose to > > only block those who have a 99% or higher rating, or something. > > This would also, hopefully, allow SA to give different score > > values to different ratings. > > 127.0.0.1 ... 127.0.0.100 perhaps? How would a rule to score points > based on the returned IP look? Can/does SA cache the returned IP and > test it in multiple rules without making multiple DNS queries? >
I actually considered doing this. However: 1. Maintenance is problematic. 2. Creating a consistent policy for listing and removal is nearly impossible. Ultimately, the whole thing becomes very arbitrary. 3. It requires data that is unavailable. Unless one considers the total of domains registered or served then the signal:noise becomes incalculable. I would also note that there is no standardization of whois data. 4. If you compare this to our PRC or Korea lists, a user can evaluate whether or not they receive any valid email from those countries and score accordingly. 5. I believe that our "quarantine" policy provides a real incentive for administrators to lock down their servers. Yet that knowingly creates a certain amount of ham. However there is a consistent and pragmatic methodology associated with delisting. -- Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com Don't Subsidize Criminals: http://boulderpledge.org
