On Tue, 11 Mar 2003, Ron da Silva wrote:
> Hmm...I would argue that every operator needs to run their own DNSBL.
Can you elaborate on why? IMO, there are definite benefits to centralized, shared DNSBLs, especially if testing is involved. Many can benefit from the work done by a few and not have to duplicate the work. If you only DNSBL IPs after you receive spam from them, you have to get spammed by every IP before it's blocked. Why not reject mail from IPs that have spammed others before they spam you and your customers? Though I have problems with the way it's been run, I think that's the idea behind bl.spamcop.net. If they could just restrict nominations to a more clueful group of users, such a system could be very effective for blocking spam everywhere as soon as one system gets hit. For spam from open relays and proxies, a centralized DNSBL that tests the IPs that talk to servers using it can be just as, if not more, effective.
> It would be very difficult to convince any operator to give up control of defining their own DNSBL (or even not having one at all).
You can use a central DNSBL without giving up total control. Shortly after I configured servers to use a DNSBL for the first time, I recognized the need for a local DNSWL and have continued to use one ever since. When I set up other people's servers to use DNSBLs, I help them set up a DNSWL and explain how to maintain it.

----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
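
The arrangement described in this message, a shared DNSBL combined with a locally maintained DNSWL that takes precedence, as an added example that is not part of the original post or any poster's configuration. The zone `dnswl.example.net`, the function names and the sample zone data are assumptions made for illustration.

```python
import ipaddress
import socket

CENTRAL_DNSBL = "bl.spamcop.net"    # shared list named in the message
LOCAL_DNSWL = "dnswl.example.net"   # hypothetical operator-run whitelist zone
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone):
    """Build the DNSBL/DNSWL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dns_lookup(name):
    """Live resolver: return the A records, or [] if the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, lookup):
    """Listed means an answer inside 127.0.0.0/8; other answers (for example
    from a resolver that rewrites NXDOMAIN) are not treated as a listing."""
    answers = lookup(query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)

def smtp_decision(ip, lookup=dns_lookup):
    """Consult the local whitelist first so the operator keeps the final say."""
    if is_listed(ip, LOCAL_DNSWL, lookup):
        return "accept (local DNSWL override)"
    if is_listed(ip, CENTRAL_DNSBL, lookup):
        return "reject (listed in %s)" % CENTRAL_DNSBL
    return "accept"

# Constructed zone data standing in for DNS answers (documentation addresses).
SAMPLE_ZONES = {
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "20.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "20.2.0.192.dnswl.example.net": ["127.0.0.1"],
}

def sample_lookup(name):
    """Offline stand-in for dns_lookup, backed by SAMPLE_ZONES."""
    return SAMPLE_ZONES.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, "->", smtp_decision(ip, sample_lookup))
```

Passing `sample_lookup` keeps the run offline; leaving the second argument out makes `smtp_decision` query DNS through the system resolver.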