So does this mean SA should disable ALL network based tests by default
as they all have the same potential to return false
positives/negatives to get the attention of (abusive) sysadmins? About
the only difference is dnswl.org got to hit folks with a -5 score
whereas most others would have significantly less scoring impact
available, but the potential threat is the same.
In the past, the RBL errors I can think of were less RBL policy and more
RBLs going under where things such as registrars took over DNS and
returned answers for every query.
However, the stability of an RBL and their infrastructure is a major
concern for the SA project to consider an RBL for inclusion for just
these type of reasons. There is a lot of debate concerning RBLs, their
impact and their inclusion in SA.
I can understand the decision if dnswl.org have requested SA disable
lookups by default, but otherwise it's a last resort attempt to get
the attention of someone after all other reasonable efforts to
communicate the issue have failed. I personally don't think it
unreasonable.
Either way, I appreciate the heads up here so we (SA users) may make
the decision whether or not to re-enable dnswl.org on our own setups.
As an aside, DNSWL most likely disagrees with disabling the rules by
default in SA. However, it was an SA decision to do so in light of
complaints of the rule misfiring on purpose due to over-quota policies
for DNSWL.
Regards,
KAM
