On 1/31/21 8:28 PM, Arne Jensen wrote:
> Spamhaus (blacklist) will return 127.255.255.x responses, if you're
> over quota, using public resolvers or otherwise incorrect queries.

Hi,

this is not completely true. As stated here:
https://www.spamhaus.org/news/article/788/spamhaus-dnsbl-return-codes-technical-update
we are giving 127.255.255.254 return codes if you are using a public
resolver, but this is not completely enforced.

This means that if you are using *very common* public resolvers (or if
your VM uses common VPS provider DNSs) you'll get an NXDOMAIN response,
which will dramatically lower spam detection, while not giving a useful
response either. This had to be done because some (misconfigured) MTAs
interpret any response different than NXDOMAIN as "LISTED". And we
really don't want to cause unnecessary FPs.

We always recommend registering a free DQS key
(https://www.spamhaus.com/product/data-query-service/), that will work
even with *very common* open resolvers.

Our SpamAssassin plugin (https://github.com/spamhaus/spamassassin-dqs)
is written taking into account all of the different edge cases, and
everyone is encouraged to try it.

Sorry for vendor spam, but I felt this had to be outlined.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
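
Added example, not part of the message above and not code from Spamhaus or its plugin: a sketch of how a DNSBL client can keep the 127.255.255.x error codes apart from real listings, next to the "anything but NXDOMAIN means LISTED" check the message calls misconfigured. The function names are hypothetical; treating answers outside 127.0.0.0/8 as errors, and letting an error override a listing in the same answer set, are assumptions of this example.

```python
import ipaddress

# Ranges used to interpret the A records returned by a DNSBL lookup.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # error codes (127.255.255.x)
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")        # where DNSBL return codes live
PUBLIC_RESOLVER = ipaddress.ip_address("127.255.255.254")  # code named in the message


def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def naive_is_listed(answers):
    """The misconfigured behaviour: any answer other than NXDOMAIN counts as LISTED."""
    return bool(answers)


def classify(answers):
    """Return (verdict, detail); answers is a list of A records, [] means NXDOMAIN."""
    if not answers:
        return ("not_listed", "NXDOMAIN")
    listed, errors = [], []
    for text in answers:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            errors.append(f"unparsable answer {text!r}")
            continue
        if addr in ERROR_NET:
            why = "public resolver" if addr == PUBLIC_RESOLVER else "error code"
            errors.append(f"{addr} ({why})")
        elif addr in LOOPBACK:
            listed.append(str(addr))
        else:
            # Assumption: e.g. a resolver rewriting NXDOMAIN to its own address.
            errors.append(f"{addr} (outside 127.0.0.0/8)")
    if errors:
        # An error code says nothing about the queried IP: never score it as a hit.
        return ("error", "; ".join(errors))
    return ("listed", ", ".join(listed))


if __name__ == "__main__":
    # Constructed sample answers, not captured from real lookups.
    for sample in ([], ["127.0.0.2"], ["127.255.255.254"], ["203.0.113.7"]):
        print(sample, naive_is_listed(sample), classify(sample))
```

An "error" verdict is worth logging or alerting on, since it means lookups are not contributing to spam detection at all.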