On 11/06/2015 00:18, Dianne Skoll wrote: 

> On Wed, 10 Jun 2015 13:56:49 +0000
> David Jones <djo...@ena.com> wrote:
> 
> [One should run a caching DNS server on a mail server.]
> 
>> We are giving you solid advice based on real experiences where we
>> ran into problems and worked around them. Just try to enable RBLs
>> and see how it works for you.
> 
> I'm not disputing that running a caching DNS server is a good idea, but
> you may be quite surprised at the low cache hit rate for IP-based DNSBLs.
> Spamhaus, for example, has a TTL of 1 minute on its A records. (Check
> out "host -v 2.0.0.127.sbl.spamhaus.org" if you don't believe me.)
> 
> Quite a number of years ago, I ran an analysis of the mail logs on a
> very busy server and found an abysmally low cache hit rate (about 30%)
> and that was in the day when Spamhaus had a 15-minute TTL.

30% is an excellent hit rate, however -

The longer the TTL, the higher the cache hit rate.
The longer the TTL, the higher the collateral damage.

It's why most run 1-10 minute TTLs. It might not seem much, but take for
example the mid-90s, when AOL was useless at dealing with spam issues: a
listing of 10 minutes could deny thousands of messages back then, and that
helped "prompt" them into getting their act together, especially when a
number of DNSBLs were doing it, so they kicked off their user (who often
returned 30 minutes later courtesy of AOL's worldwide flood of freebie CDs),
and blocks were removed quickly enough to minimise more innocents getting
caught up.
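The two sides of the TTL trade-off discussed in this thread (cache hit rate versus how long a stale listing keeps biting after a delisting) can be made concrete by replaying a resolver's cache over a query log. The script below is an added example, not code from either poster: it uses a constructed log of DNSBL lookups against a placeholder zone (`dnsbl.example`, not a real list), replays them through a TTL-bounded cache, and reports both the hit rate and how many lookups were answered from a cached "listed" record after a hypothetical delisting time.

```python
"""Replay DNSBL lookups through a TTL-bounded cache: hit rate vs. stale answers.

Added example for the mailing-list discussion; not the posters' code.
The query log is constructed: "<unix_time> <reversed-ip>.<zone>", where the
zone "dnsbl.example" is a placeholder and not a real DNSBL.
"""

# Constructed sample log: three client IPs looked up over a half hour.
SAMPLE_LOG = """
0    4.3.2.10.dnsbl.example
30   4.3.2.10.dnsbl.example
90   4.3.2.10.dnsbl.example
100  8.7.6.10.dnsbl.example
200  4.3.2.10.dnsbl.example
400  8.7.6.10.dnsbl.example
700  8.7.6.10.dnsbl.example
1000 4.3.2.10.dnsbl.example
1500 12.11.10.10.dnsbl.example
1800 12.11.10.10.dnsbl.example
"""


def parse_log(text):
    """Turn the log text into a list of (timestamp, query_name) tuples."""
    queries = []
    for line in text.strip().splitlines():
        ts, name = line.split()
        queries.append((int(ts), name))
    return queries


def replay(queries, ttl):
    """Replay lookups through a cache whose entries live exactly `ttl` seconds.

    Returns (time, name, hit, fetched_at) per lookup: `hit` is True when the
    answer came from cache, `fetched_at` is when that answer was fetched from
    the authoritative server. Positive and negative answers are treated alike.
    """
    fetched = {}  # name -> time of the most recent authoritative fetch
    events = []
    for t, name in sorted(queries):
        last = fetched.get(name)
        if last is not None and t < last + ttl:
            events.append((t, name, True, last))
        else:
            fetched[name] = t
            events.append((t, name, False, t))
    return events


def hit_rate(queries, ttl):
    """Fraction of lookups answered from cache at the given TTL."""
    events = replay(queries, ttl)
    return sum(1 for e in events if e[2]) / len(events)


def stale_answers(queries, ttl, name, delisted_at):
    """Collateral-damage side of the trade-off.

    Count lookups of `name` at or after `delisted_at` that were still answered
    from a cache entry fetched before the delisting, i.e. mail that would be
    rejected on the strength of a listing that no longer exists.
    """
    return sum(
        1
        for t, n, hit, fetched_at in replay(queries, ttl)
        if n == name and t >= delisted_at and hit and fetched_at < delisted_at
    )


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    listed = "4.3.2.10.dnsbl.example"
    delist_time = 150  # hypothetical: the listing is removed at t=150
    print(f"{'TTL(s)':>7} {'hit rate':>9} {'stale after delist':>19}")
    for ttl in (60, 900, 3600):
        print(f"{ttl:>7} {hit_rate(log, ttl):>9.0%} "
              f"{stale_answers(log, ttl, listed, delist_time):>19}")
```

Running it prints one row per TTL; the hit rate climbs from 10% at a one-minute TTL to 70% at one hour, while the number of lookups still answered from the stale listing grows from none to two. Real traffic will differ, but the shape of the trade-off is exactly the one both posters describe: short TTLs buy quick removal at the cost of the cache doing very little for you.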
