<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 23 November 2017 at 13:11, Paul Vixie <span dir="ltr"><<a href="mailto:paul@redbarn.org" target="_blank">paul@redbarn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
SpamHaus's pricing page does not lead me to that conclusion. I think any<br>
individual looking at that list will see that everyone except <a href="http://rpzone.us" rel="noreferrer" target="_blank">rpzone.us</a><br></span>
<<a href="http://rpzone.us" rel="noreferrer" target="_blank">http://rpzone.us</a>> says "contact us for a quote", conclude that there is<span><br>
no service designed for individuals, and move on.<br>
</span></blockquote>
<br>
that's unfortunate. i suggest reaching out yourself, and letting us know (both here, and at <a href="mailto:hostmaster@dnsrpz.info" target="_blank">hostmaster@dnsrpz.info</a>) what you find.<br>
<br>
however, your point is more broadly applicable. "free" never is. most of the old RBL's were free for individual use, because the cost was low (zone transfer was only available for a fee) and the benefit was high (the queries to the RBL's published DNS servers were valuable in terms of telling the RBL what servers were trying to send e-mail "right now"). none of those economics carries over to RPZ, which is only useful as a zone transfer.<br></blockquote><div><br></div><div>The reason I excluded <a href="http://rpzone.us" target="_blank">rpzone.us</a> above is that they charge in tiers by the query, which implies that, rather than provide an RPZ feed, they provide an RDNS service similar to the RBLs.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">so, i'd still do it, because i'm a little bit crazy, and i have often found a way to succeed where all theory predicts failure. but you should not want to participate, because you may not be crazy enough.<br>
<br>
without the benefit of seeing what lookups are occurring, and without a commercial upsell opportunity, i don't know how anybody would fund the operation of a free RPZ.<br></blockquote><div><br></div><div>Your point is well taken, and leaves me still unable to connect the dots between what I read as advocating for individual resolvers and advocating for RPZ. The two appear to be in conflict. Have I misread your intent on either subject?</div><div><br></div><div>I'm strongly in favour of individuals running their own DNSSEC validators, but until this email had no way to reconcile that with widespread RPZ use.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
thus, my surprise and delight about:<br>
<br>
<a href="https://suspect-networks.io/downloads/" rel="noreferrer" target="_blank">https://suspect-networks.io/do<wbr>wnloads/</a><span class="m_-4033291870600571631HOEnZb"><font color="#888888"><br>
<br></font></span></blockquote><div><br></div><div>I am also surprised and delighted! Given that you host their AXFR service, and that you operate <a href="http://dnsrpz.info" target="_blank">dnsrpz.info</a>, I'm also surprised this isn't already listed there. Thanks for pointing it out.</div><div><br></div><div>So, Joe, the answer is apparently "yes". There are affordable solutions for businesses–and also apparently for individuals–who run their own resolvers to do their own threat filtering.</div><div><br></div><div><br></div><div>PS: Apologies for the terseness of my last few emails, but I've been forced into using dictation software for the last few days and I'm finding it frustrating..so I'm keeping things short.</div></div></div></div>