On Tue, 9 Feb 2010 18:02:09 -0500
dar...@chaosreigns.com wrote:

> On 02/09, RW wrote:
> > > And everything that it didn't block could be blocked by
> > > blacklisting domains which have MTX records for spamming IPs.
> > 
> > The same thing applies to full circle DNS
> 
> So you want to blacklist all domains that have *any* PTR records for
> IPs that send spam?

Perhaps you should google full-circle DNS if you don't understand what
it means. Essentially there's little difference, unless you are happy
to ignore spammers that get blacklisted and then remove the MTX
record. If you are, then there's little point to listing them in the
first place.

> > > > Everything else is either handled by full-circle and no DNS
> > > > tests,
> > > 
> > > Full circle DNS tests don't block spam from quite a lot of IPs.
> > 
> > But how many of those are neither mail-servers, nor spammer
> > controlled IP ranges?
> 
> A lot?  Spam bot nets.

Spambots don't have full-circle DNS. 

> > The chief problem is that there is no way to use this scheme until
> > it has *very* high adoption, below 95% it wouldn't even be worth
> > scoring
> 
> As I recently posted, it can be used for whitelisting (after
> blacklisting) immediately.  And that use could increase creation of
> the relevant records gradually until they're widespread.

How could your scheme be used for whitelisting when a huge amount of
spam comes through mail-servers that send a mixture of spam and ham?
Would you really want to whitelist hotmail? This kind of argument was
made about SPF - a pass still scores -0.001.

SPF has a limited amount of enlightened self-interest about it. If you
publish SPF records you get less backscatter - your scheme doesn't do
that. There's nothing in your scheme to encourage anyone to use it.


> > at 0.5 in Spamassassin. With SPF you at least know the difference
> > between a fail and a non-adopter. Whilst you could identify
> > compliant servers there's no way that that would warrant anything
> > more than a nominal negative score. SPF_PASS scores -0.001
> 
> Only with a domain blacklist.

So why would anyone use it and risk being blacklisted? What's the point
of it existing if you don't punish domains that don't join? Any that
get on the blacklist could just drop out of the scheme.
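
The full-circle DNS test referred to in the message above (the PTR name for the connecting IP must resolve back to that same IP), as an added example that is not part of the original post. The zone data, the function names and the three result labels are constructed for illustration; lookups are injected so the check runs offline.

```python
import ipaddress

# Constructed sample records (documentation address ranges, example domains).
PTR = {
    "192.0.2.25": ["mail.example.org."],
    "198.51.100.77": ["host77.dyn.example.net."],  # PTR exists, A points elsewhere
    "203.0.113.9": [],                              # no PTR at all
    "2001:db8::25": ["MX6.example.org."],
}
ADDR = {
    "mail.example.org": ["192.0.2.25", "192.0.2.26"],
    "host77.dyn.example.net": ["198.51.100.1"],
    "mx6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}

def sample_ptr(ip):
    """Hypothetical PTR lookup backed by the constructed table above."""
    return PTR.get(ip, [])

def sample_addr(name):
    """Hypothetical A/AAAA lookup backed by the constructed table above."""
    return ADDR.get(name, [])

def full_circle_names(ip, ptr_lookup=sample_ptr, addr_lookup=sample_addr):
    """Return the PTR names of ip whose forward records include ip."""
    addr = ipaddress.ip_address(ip)  # normalises IPv6 spelling
    confirmed = set()
    for raw in ptr_lookup(str(addr)):
        name = raw.rstrip(".").lower()  # DNS names are case-insensitive
        for candidate in addr_lookup(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    confirmed.add(name)
                    break
            except ValueError:
                continue  # malformed record data is ignored, never trusted
    return sorted(confirmed)

def classify(ip, ptr_lookup=sample_ptr, addr_lookup=sample_addr):
    """Label an IP as 'no-ptr', 'mismatch' or 'full-circle'."""
    if not ptr_lookup(str(ipaddress.ip_address(ip))):
        return "no-ptr"
    if full_circle_names(ip, ptr_lookup, addr_lookup):
        return "full-circle"
    return "mismatch"

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.77", "203.0.113.9", "2001:0db8::25"):
        print(ip, classify(ip), full_circle_names(ip))
```

Against live DNS the two lookup callables would wrap a resolver library or `socket.gethostbyaddr` and `socket.getaddrinfo`, with lookup failures treated as an empty result.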
