On 12/12/2011 1:35 PM, Daniel McDonald wrote:
Can I ask you a fairly blunt question?
What action could they have taken that would have caused you to notice that
you were engaging in abusive miss-use of their service by continuing to
forward your requests through google?
I'm quite serious. DNSBLs have this problem of never being able to get rid
of the queries from sources that appear to be abusive. What can be done so
that a part-time admin will take notice and fix their equipment? A log
message? Special header in every e-mail? Change the subject line to "you
have Spamassassin integrated wrong!"? Or a visit from Guido and some of the
boys, trying to make an offer you can't refuse?
In this case, they moved you to action by causing your customers some grief.
That made you look into the issue, get guidance that you really need to run
a local recursive caching DNS server in order to get clear answers from
DNSBLs, and then I imagine you fixed the problem. How else could they have
let you know?
There is nothing an RBL admin can do to guarantee access to the admin of
a downstream server. The use of DNS is purposefully done to provide a
distributed network and purposefully giving wrong answers is DNS poisoning.
If you choose to run an RBL, you have to know you might need to
blackhole requests from people that don't follow the access rules.
Sending an incorrect answer to get someone's attention is akin to firing
a few rounds through a window to get the attention of the window cleaner.
However, I would love to see RBLs get together and come up with a
specific "this is a "non-answer" answer" that can be programatically
used. However, realize that many RBLs are designed to be implemented in
FAR simpler situations than SA that can only deal with yes/no.
Regards,
KAM
