[Moving this discussion from the private list.] Matt Kettler writes: > SpamAssassin's past behaviors could be summed up as: > > We'll include anything we find useful, but we'll disable by default > anything that's not free for everyone. > > I base that on two past decisions by the project: > > SA has a tendency to include anything we find useful, as it's nearly > always had MAPS RBL rules, despite MAPS being a commercial subscription > RBL for anyone other than educational institutions and private users.. > (note: I'm not sure what's happened to MAPS licensing since trend bought > it.) > > SA also appears to disable-by-default anything that's not "free for > anyone", based on the past where SA disabled razor for having a > restriction on free use by "large volume users". Although their policy > was also vague, I think razor were not sure what limits to > set so they were trying to pick it out based on those causing > substantial load on their servers.
Yep. I'm not really sure what Razor's plans were there, though; but the effects of the restrictions were clear enough at the time. We disabled DCC since its licensing rules changed, too, to block commercial use. > Now, personally I don't have a problem if we want to talk about changing > that slightly, but I think that policy is a good baseline to work from. I agree. +1 > I certainly think it's reasonable to allow services that have a "free > for all, unless your query load winds up DoS'ing our servers" to be > enabled by default. Every network check has that policy, even if they > don't write it down. yes. +1 Note that many of the other DNSBLs ask that high-volume users rsync a local zone -- they don't charge, but they do *imply* that high-volume direct querying is *discouraged*. I think this is a case where pragmatism may need to be applied. The thing is, we *could* disable Razor, and later DCC, back then, because there were alternatives doing more or less the same thing. If we disable Spamhaus, I think we'd be in a much worse position. :( They're an important DNSBL. > Restrictions against appliance vendors (ie: barracuda) I'm not sure how > I feel about. In some ways I can see the argument "if you're an > appliance vendor, you should be expected to check the licensing of all > the network tests", but that seems a little far-fetched for the > small-shop guys making SA "appliances". If we do start allowing these, > we really should at least include a README.appliances file telling > appliance vendors that not all network tests are free for their use and > they should check with the services directly. +1. Perhaps just in the existing README, though. --j.
