Mailing List Archive

Gracefully EOLing a DNSBL
> Infinite-Monkeys has been dead for some 6 months, and is now flagging
> ALL checked messages as spam in an effort to get sysadmins to finally
> update their rules. It seems to be working.

It seems that there is a fundamental problem with DNSBLs gracefully
exiting the scene. It's really too bad that those people who (for
whatever reason) can't maintain a DNSBL anymore seem to end up with a DDoS
on their hands and feel they have to resort to "everything is blacklisted"
to get any notice from mail system administrators. I think we need a method
for clients of DNSBLs to be notified that the BL is shut down/shutting
down.

Perhaps a new IP address being resolved from a DNSBL query, such as
127.0.0.254, could indicate that the service is disabled or has been
permanently terminated. Clients of DNSBLs could then perform an
exponential backoff and eventually stop querying the BL, or send an
administrative notification that a "go away" response was received. I'm
not sure how the current DNSBL system was decided upon (de facto?) but for
something like this to be effective, the majority of DNSBL clients (MTAs,
in particular) would have to agree to implement it.

I'm definitely no expert on this topic, but maybe this can be food for
thought for those that are.


--
Chris Thielen

Easily generate SpamAssassin rules to catch obfuscated spam
phrases(0BFU$C/\TED SPA/\/\ P|-|RA$ES): http://www.sandgnat.com/cmos/
Keep up to date with the latest third party SpamAssassin Rulesets:
http://www.exit0.us/index.php/RulesDuJour
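
The client-side behaviour proposed in the message above, as an added example (not part of the original post and not code from any MTA or from SpamAssassin). It assumes 127.0.0.254 as the "go away" answer, which is only the value suggested in the post and not an agreed convention; `DnsblZone`, `resolve`, `notify`, `BASE_DELAY` and `MAX_STRIKES` are hypothetical names and values chosen for illustration.

```python
import ipaddress

SHUTDOWN_CODE = "127.0.0.254"  # value suggested in the post, not a standard
BASE_DELAY = 3600              # assumed: first pause is one hour
MAX_STRIKES = 5                # assumed: disable after 5 consecutive signals

def query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class DnsblZone:
    def __init__(self, zone, resolve, notify):
        self.zone = zone
        self.resolve = resolve  # callable(name) -> list of A records, [] if none
        self.notify = notify    # callable(message) for the administrator
        self.strikes = 0        # consecutive shutdown answers seen
        self.next_query = 0.0   # earliest time the zone may be queried again
        self.disabled = False

    def is_listed(self, ip, now):
        """True/False for listed/not listed; None when the zone is skipped."""
        if self.disabled or now < self.next_query:
            return None  # backing off: no DNS traffic sent to the dead list
        answers = self.resolve(query_name(ip, self.zone))
        if SHUTDOWN_CODE in answers:
            self.strikes += 1
            # Exponential backoff: 1h, 2h, 4h, ... between attempts.
            self.next_query = now + BASE_DELAY * 2 ** (self.strikes - 1)
            if self.strikes >= MAX_STRIKES:
                self.disabled = True
                self.notify(f"{self.zone}: shutdown answer seen "
                            f"{self.strikes} times, zone disabled")
            else:
                self.notify(f"{self.zone}: shutdown answer received, "
                            f"next query not before t={self.next_query}")
            return None  # the shutdown answer is never scored as a listing
        self.strikes = 0  # a normal answer means the list is still alive
        return bool(answers)
```

Returning `None` rather than `True` for the shutdown answer is the point of the scheme: a retired list stops receiving queries without any mail being scored as spam on its account.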