On Thu, Dec 23, 2010 at 09:02:50PM -0500, David F. Skoll wrote: > On Thu, 23 Dec 2010 17:08:11 -0800 (PST) > John Hardin <jhar...@impsec.org> wrote: > > > But the known-evil addresses aren't the data being protected (however > > poorly) - the email addresses from your inbound mail that you're > > checking against the list of evil addresses (which may include > > correspondents who don't want their email addresses spread about > > publicly) are what you're protecting. > > Ah, I see. You want to protect the email addresses you're checking > from a malicious DNS server that might harvest the addresses... OK. > > I'm not sure a DNSBL of email addresses would be effective. We see > spammers mutating addresses all the time. I expect that's why there > haven't been any widely-used email address DNSBLs.
Over a year ago an experimental emailbl was tested here on the list. It worked fine for many people. But it would be impractical FP and bandwidth wise to run such list without specified set of domains, like freemails. More and more hacked accounts from universities etc are used these days, which would make the task harder. Running a respected public list would need some _serious_ resources.
