Peter Saint-Andre wrote:
On 11/18/09 9:39 AM, Sean Dilda wrote:
Norman Rasmussen wrote:
I was under the impression the DNS block lists don't work well anymore
(too many false positive, not enough true negatives)
DNS block lists are commonly used by many organizations and large
companies. Often they're used as one of several factors in deciding if
the email received is spam.
How is your DNSBL built? What are the inputs? How does the operator of
an XMPP service find out if their domain or IP address is listed? Do you
return a particular stream error to entities that are on the DNSBL? How
does a service remove itself from the list? Where is the list maintained
and by whom? How does someone access the list? What if the machine on
which the DNSBL is located gets hacked? Does this introduce a single
point of failure or attack for the XMPP network?
I have many questions. :)
Peter, Who was that directed at? You responded to my post, but it
sounds like you're asking about Evgeniy Khramtsov's implementation for
jabber.ru.
However, I will give input on the last few and my thoughts on how it
*should* be done. In the email world there are several independent
organizations which host dnsbls. Each one has their own standards for
identifying a spamming site and their own policies for removal, etc.
Some are known to be very quick to add a site and thus result in many
false positives, whereas others are more conservative as to what sites
they add. As such, each site admin is able to choose which dnsbls they
wish to listen to and how much weight to put on each DNSBLs data.
