[56611] in North American Network Operators' Group
Re: Question concerning authoritative bodies.
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Tue Mar 11 11:07:54 2003
Date: Tue, 11 Mar 2003 11:07:18 -0500 (EST)
From: jlewis@lewis.org
To: Ron da Silva <ron@aol.net>
Cc: nanog@merit.edu
In-Reply-To: <20030311154136.GG3754@aol.net>
Errors-To: owner-nanog-outgoing@merit.edu

On Tue, 11 Mar 2003, Ron da Silva wrote:
> Hmm...I would argue that every operator needs to run their own DNSBL.

Can you elaborate on why? IMO, there are definite benefits to
centralized, shared DNSBLs, especially if testing is involved. Many can
benefit from the work done by a few and not have to duplicate the work.
If you only DNSBL IPs after you receive spam from them, you have to get
spammed by every IP before it's blocked. Why not reject mail from IPs
that have spammed others before they spam you and your customers? Though
I have problems with the way it's been run, I think that's the idea behind
bl.spamcop.net. If they could just restrict nominations to a more clueful
group of users, such a system could be very effective for blocking spam
everywhere as soon as one system gets hit. For spam from open relays and
proxies, a centralized DNSBL that tests the IPs that talk to servers using
it can be just as, if not more, effective.

> It would be very difficult to convince any operator to give up control
> of defining their own DNSBL (or even not having one at all).

You can use a central DNSBL without giving up total control. Shortly
after I configured servers to use a DNSBL for the first time, I recognized
the need for a local DNSWL and have continued to use one ever since. When
I set up other people's servers to use DNSBLs, I help them set up a DNSWL
and explain how to maintain it.
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
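
The arrangement described in the message above (a shared DNSBL combined with a locally maintained DNSWL that overrides it), sketched as an added example that is not part of the original message or any poster's configuration. The zone names, the sample records and the function names are all assumptions made up for illustration.

```python
import ipaddress
import socket

# Hypothetical zone names, constructed for this example.
LOCAL_DNSWL = "dnswl.example.net"
CENTRAL_DNSBL = "dnsbl.example.org"

def dnsbl_qname(ip, zone):
    """Build the query name: reversed IPv4 octets (or IPv6 nibbles) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.rstrip(".")

def system_lookup(qname):
    """A records for qname via the system resolver; [] if the name is absent."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []

def is_listed(ip, zone, lookup):
    # Only 127.0.0.0/8 answers count as a listing, so a wildcarded zone
    # that returns a routable address does not list every sender.
    return any(a.startswith("127.") for a in lookup(dnsbl_qname(ip, zone)))

def smtp_decision(ip, whitelists, blacklists, lookup=system_lookup):
    """Local whitelist zones are consulted first and override any blacklist."""
    for zone in whitelists:
        if is_listed(ip, zone, lookup):
            return ("accept", zone)
    for zone in blacklists:
        if is_listed(ip, zone, lookup):
            return ("reject", zone)
    return ("accept", None)

# Constructed zone contents (documentation address ranges), so this runs offline.
SAMPLE_RECORDS = {
    "10.2.0.192.dnsbl.example.org": ["127.0.0.2"],
    "25.100.51.198.dnsbl.example.org": ["127.0.0.2"],
    "25.100.51.198.dnswl.example.net": ["127.0.0.1"],
}

def sample_lookup(qname):
    return SAMPLE_RECORDS.get(qname, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.5"):
        print(ip, smtp_decision(ip, [LOCAL_DNSWL], [CENTRAL_DNSBL], sample_lookup))
```

Passing no `lookup` argument makes `smtp_decision` query the system resolver instead of the constructed records.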