Re: [Asrg] RFC 6471 and "listing the Internet" as a punishment

Dave Warren <lists@hireahit.com> Wed, 25 January 2012 19:23 UTC


On 1/25/2012 10:37 AM, SM wrote:
> At 07:07 24-01-2012, Martijn Grooten wrote:
>> (Vamsoft ORF is a spam-filter.) Basically uribl.com was returning 
>> 127.0.0.1 to _all_ queries from nameservers that are sending high 
>> volumes (presumably without paying for it) as some kind of 
>> punishment. http://uribl.com/ confirms that.
>
>   "After investigating this further, it seems the affected ORF users
>    all use Google public DNS servers for the queries (or use such servers
>    as forwarders in their local DNS configuration)."
>
> Anyone using open recursive DNS servers or their ISP's DNS server for 
> DNSBL queries is asking for trouble.  The listing is to get the 
> attention of the sender.  It's "antisocial".

I have to wonder, if a DNSBL were being operated entirely on a free 
basis (rather than a freemium model), might it not be better to take 
advantage of the large caches out there rather than having thousands of 
individual servers performing the same mundane set of lookups individually?

Obviously this negates the DNSBL's ability to try and pull cash out of 
the larger entities, but purely from a resource management point of 
view, if someone wants to offer a front-line cache for free, surely that 
should reduce load.

-- 
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
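
The failure described in the quoted text (127.0.0.1 returned to every query that arrives through a shared resolver) can be caught on the filter side before the answers are scored as spam hits. The sketch below is an added example, not part of the original message and not code from ORF or uribl.com; the zone name dnsbl.example, the control label and the sample answers are constructed, and the answers are assumed to have been resolved already.

```python
import ipaddress

# DNSBL listing answers conventionally fall in 127.0.0.0/8.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# The answer the quoted text says was returned to every query.
BLANKET = ipaddress.ip_address("127.0.0.1")

def is_listing(addr):
    """True only for an answer that can be read as a real listing."""
    ip = ipaddress.ip_address(addr)
    return ip in LOOPBACK and ip != BLANKET

def evaluate(answers, control):
    """answers: {queried name: [A records]}, empty list meaning NXDOMAIN.
    control: a name the operator knows is not listed (hypothetical label).
    Returns (status, sorted list of names treated as listed)."""
    if answers.get(control):
        # The control name must not resolve. If it does, the zone (or a
        # resolver rewriting NXDOMAIN) is answering everything, so none of
        # the other answers say anything about the names that were queried.
        return ("unusable", [])
    listed = sorted(name for name, recs in answers.items()
                    if any(is_listing(a) for a in recs))
    return ("ok", listed)

# Constructed sample data.
CONTROL = "control-not-listed.invalid.dnsbl.example"
NORMAL = {
    CONTROL: [],
    "spamdomain.example.dnsbl.example": ["127.0.0.2"],
    "cleandomain.example.dnsbl.example": [],
}
# Every query answered with 127.0.0.1, as in the quoted report.
BLOCKED = {name: ["127.0.0.1"] for name in NORMAL}
# A resolver that rewrites NXDOMAIN to a search-page address.
REWRITTEN = {name: ["203.0.113.10"] for name in NORMAL}

if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("blocked", BLOCKED),
                          ("rewritten", REWRITTEN)):
        print(label, evaluate(sample, CONTROL))
```
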