On 1/4/2011 11:14 AM, David F. Skoll wrote: > On Tue, 04 Jan 2011 11:01:52 -0500 > Rob McEwen <r...@invaluement.com> wrote >> I've thought this through and... best case scenario is that spammers >> then get 5+ years of play time because it will take at least that time >> for those other techniques to catch up. > Umm.. no. We have plenty of effective techniques we're using right > now that don't rely on DNSBLs. I think if we stopped using DNSBLs > completely, a bit more spam would leak through, but it wouldn't be > catastrophic.
Yes, it would be catastrophic. For one, it would bring the large ISPs down to their knees. Easily! Heck, currently, I know of one extremely famous and large ISP who isn't even willing to parse out the domains in incoming messages to check against locally hosted URI blacklists because that would mean too much resources per message. (and that process is extremely fast and efficient!). Many smaller ISPs *depend* on blocking at connection time with Zen and would likewise crash & burn if DNSBL-blocking at connection time wasn't feasible. >> When we are left with only whitelists and no blacklists, an >> interesting problem will happen... there will be extreme prejudice >> against ALL new IPs not already whitelisted. > Life will become more difficult, but it's not all doom-and-gloom. > By default, you should be able to get on the whitelist just by asking. If > it turns out you've abused the trust, you get banned for a long time. > That's essentially how the Spamhaus Whitelist works. You're exactly right. The reliance on whitelists would grow... those not on whitelists (like small businesses and start-ups) would be screwed. This would lead to a chicken/egg problems... how do you build up good reputation to get on a whitelist if you can't sent mail until you're on one. That will lead to a need for a more "easy on" whitelisting process.. abet even if for a less trusted level. But spammers will then often "sneak" onto that 1st tier... but at least it is better than dealing with the massive numbers of IPs no on there at all! But do you see where this is leading?.... right back to my original idea. Looks like you agree we'll get to my original idea anyways, one way or another. (although, I think it would be a lot less messy... and spammers would get much less listwashing accomplished... if we took a more direct route!) -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
