On 12/13/2011 9:21 AM, David F. Skoll wrote:
I think we need an informational RFC that specifies best-practices for
a DNS{B,W}L to inform clients that they have been blocked.
For example, a testpoint like:
blocked.dnsbl.example.org
could return an A record for name servers that are blocked and NXDOMAIN
for others. This might even work out-of-the-box for some existing lists
that return an A record for any query (or it may not, if they expect
a reverse-dotted-quad.)
It could even return a TXT record giving the reason for the block.
Anyway, assuming this idea is widely-accepted (hahaha!), it would be pretty
easy to make something that periodically tests your list of DNSBLs and
disables those that are blocking your query.
This was mentioned as a possibility and it's a good idea.
But from SA's perspective, though, it means that it requires code. And
the big issue is NOT the delays. The big issue is the purposefully wrong
answers.
The code-requirement for a fix means that this new policy is delayed at
least 6 months after a major release for SA based on
http://wiki.apache.org/spamassassin/ReleaseGoals. So if we miss this
code getting into 3.4.0, that means it waits until 3.5.0 (or 4.0.0) + 6
months. If someone wants to submit code to actually do it, that'd be
great. But it's a got a delay before it matters either way.
I've opened a ticket
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6724 towards an
immediate solution.
regards,
KAM