On 11/18/09 6:54 PM, Sean Dilda wrote:
> Peter Saint-Andre wrote:
>> On 11/18/09 9:39 AM, Sean Dilda wrote:
>>> Norman Rasmussen wrote:
>>>> I was under the impression the DNS block lists don't work well anymore
>>>> (too many false positives, not enough true negatives)
>>> DNS block lists are commonly used by many organizations and large
>>> companies. Often they're used as one of several factors in deciding if
>>> the email received is spam.
>>
>> How is your DNSBL built? What are the inputs? How does the operator of
>> an XMPP service find out if their domain or IP address is listed? Do you
>> return a particular stream error to entities that are on the DNSBL? How
>> does a service remove itself from the list? Where is the list maintained
>> and by whom? How does someone access the list? What if the machine on
>> which the DNSBL is located gets hacked? Does this introduce a single
>> point of failure or attack for the XMPP network?
>>
>> I have many questions. :)
>
> Peter,
>
> Who was that directed at? You responded to my post, but it
> sounds like you're asking about Evgeniy Khramtsov's implementation for
> jabber.ru.

Indeed, I was curious about the jabber.ru deployment. I just happened to reply to the most convenient message. :)

> However, I will give input on the last few and my thoughts on how it
> *should* be done. In the email world there are several independent
> organizations which host dnsbls. Each one has their own standards for
> identifying a spamming site and their own policies for removal, etc.
> Some are known to be very quick to add a site and thus result in many
> false positives, whereas others are more conservative as to what sites
> they add. As such, each site admin is able to choose which dnsbls they
> wish to listen to and how much weight to put on each DNSBL's data.

Well, at least that reduces my concern about a single point of failure and attack...

Peter

--
Peter Saint-Andre
https://stpeter.im/
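The weighting of several independent DNSBLs described in the quoted text can be sketched as follows. This is an added example, not code from anyone in the thread or from the jabber.ru deployment; the zone names, weights, threshold and the in-memory resolver are constructed for illustration.

```python
import ipaddress

# Hypothetical lists and weights chosen by the local admin (constructed values).
WEIGHTS = {"aggressive.dnsbl.example": 1.0, "conservative.dnsbl.example": 3.0}
THRESHOLD = 3.0  # score at or above which the peer is treated as listed

def query_name(ip, zone):
    """DNSBL convention for IPv4: reversed octets prepended to the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(answers):
    """A listing is an A record inside 127.0.0.0/8; anything else is ignored."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def score(ip, resolve, weights=WEIGHTS):
    """Sum the weights of the lists that report `ip`.

    `resolve(name)` returns A-record strings ([] for NXDOMAIN) and raises
    OSError on failure; a failing list adds nothing, so one dead operator
    cannot block every peer."""
    total, hits, failed = 0.0, [], []
    for zone, weight in weights.items():
        try:
            answers = resolve(query_name(ip, zone))
        except OSError:
            failed.append(zone)
            continue
        if is_listed(answers):
            total += weight
            hits.append(zone)
    return total, hits, failed

# Constructed resolver data standing in for real DNS, so the example runs offline.
FAKE_DNS = {
    "10.2.0.192.aggressive.dnsbl.example": ["127.0.0.2"],
    "20.2.0.192.aggressive.dnsbl.example": ["127.0.0.2"],
    "20.2.0.192.conservative.dnsbl.example": ["127.0.0.4"],
}

def fake_resolve(name):
    if name.startswith("30."):  # simulate every list timing out for one peer
        raise OSError("simulated timeout")
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        total, hits, failed = score(ip, fake_resolve)
        print(ip, total, total >= THRESHOLD, hits, failed)
```

With these weights a hit on the quick-to-list zone alone stays below the threshold, while a hit on the conservative zone reaches it.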
