[dns-operations] [from nanog] in.dnsbl.org must not be used for mail filtering

David Ulevitch davidu at everydns.net
Wed May 31 06:38:46 UTC 2006


On May 30, 2006, at 10:14 PM, Rick Wesson wrote:

> David Ulevitch wrote:
>> Mark didn't mention it but there is some discussion about making it
>> non-public (I support this).  It isn't to close out data from the
>> public -- it's because whenever we find out about someone "public"
>> using it they are using it in a terribly stupid way and have no
>> understanding of what the in.dnsbl.org zone is for.
>>
>> Is *anyone* out there using it for something?  Please let me know if
>> you are using the zone and what for. (Rick, I remember you mentioned
>> wanting a copy, ever get it?).
>
> We will (I just got access) use it as another hint on the RHS of
> things. I have not done enough research on the zone to know exactly
> where it fits in with things. I've always understood it is valuable
> to some registrars but haven't learned how it can be leveraged yet.

Bad dude abuses DNS Provider A, DNS Provider A shit cans him *AND*  
adds his zone to the in.dnsbl.org.
Bad dude moves to DNS Provider B, DNS Provider B already rejects him  
for $reason because said provider checks new users and domains  
against the in.dnsbl.org zone.

That's how most of us use it.

>
> one thing that comes to mind is where are the codes to decode the  
> responses?
>
> ie what does 127.0.0.{3,4,5,6} mean?

         "127.0.0.2"=>"UCE",
         "127.0.0.3"=>"Fraud",
         "127.0.0.4"=>"Spam Promo",
         "127.0.0.5"=>"Illegal Content",
         "127.0.0.6"=>"Pre-emptive",
         "127.0.0.7"=>"Improper List Practices",
         "127.0.0.8"=>"Botnet Activity / Malware"

We may add a couple more categories.

When I talk about wanting the provenance of the various bits of data  
I get, this is what I'm talking about.  Getting a "this host is bad,  
trust me okay?" isn't enough for me.  (Not talking to you in  
specific.)  I wish the in.dnsbl.org zone said who added the record to  
the zone.   While we know this info we don't publish it in the zone.   
I think we should add it in as a TXT record or something to help  
verify the integrity of the data.

(And for those wondering, data additions are authenticated and  
restricted to certain people, but not verified for accuracy)

-david
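
Added example, not part of the original message and not the zone operators' code: a sketch of the provider-side check described above, decoding answers with the code table from the message. The query form <domain>.in.dnsbl.org, the names check_domain, system_resolver, fake_resolver and FAKE_ZONE, and the .test domains are assumptions constructed for illustration.

```python
import socket

ZONE = "in.dnsbl.org"
# Return codes as listed in the message above.
CODES = {
    "127.0.0.2": "UCE",
    "127.0.0.3": "Fraud",
    "127.0.0.4": "Spam Promo",
    "127.0.0.5": "Illegal Content",
    "127.0.0.6": "Pre-emptive",
    "127.0.0.7": "Improper List Practices",
    "127.0.0.8": "Botnet Activity / Malware",
}

def system_resolver(name):
    """A records for name; [] if the name does not exist. Other failures propagate."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # e.g. a timeout: the caller must not read this as "not listed"

def check_domain(domain, resolver=system_resolver):
    """Return the sorted listing categories for a domain; [] means not listed."""
    name = domain.strip().rstrip(".").lower()
    # Assumption: name-based query of the form <domain>.<zone>.
    answers = resolver(f"{name}.{ZONE}")
    # List codes live in 127.0.0.0/8; any other answer (for example from a
    # resolver that rewrites NXDOMAIN) is not a listing and is ignored.
    codes = {a for a in answers if a.startswith("127.")}
    return sorted(CODES.get(a, f"unknown ({a})") for a in codes)

# Constructed sample data standing in for the zone; not real listings.
FAKE_ZONE = {
    "bad-example.test.in.dnsbl.org": ["127.0.0.3", "127.0.0.8"],
    "odd-example.test.in.dnsbl.org": ["127.0.0.99"],
    "rewritten-example.test.in.dnsbl.org": ["203.0.113.7"],
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for d in ("Bad-Example.test.", "odd-example.test", "clean-example.test"):
        hits = check_domain(d, fake_resolver)
        print(d, "->", "hold for review: " + ", ".join(hits) if hits else "no listing")
```

Since additions to the zone are authenticated but not verified for accuracy, the sketch reports categories for a human to review rather than rejecting outright.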



