> In fact, the people who use these DNSBL blacklists do so only for a
> short time, until they get burned and stop using them. That's what
> happens routinely with SORBS.

If SORBS is your idea of a best-of-breed DNSBL, I can understand your scorn. But it's not. You want to see a DNSBL done right, go look at, say, the Spamhaus lists. Their Zen list is one of the best available, perhaps even _the_ best, for general-purpose use.

> In the 1990s, I found ORBS and Osirusoft scanning for open relays and
> then abusing them. I discovered this by setting up open relays,
> logging TCP connections, and submitting the relay to the blacklist.
> After the blacklist scanned the relay, it began getting abuse with no
> further scanning.

How long was it between setup and submitting? Between submitting and abuse?

I regularly see attempts to abuse hosts that do not run mailers and never have; I believe there is malware out there that is basically trying random - or, occasionally, sequential - addresses to discover open relays. While I would be one of the last to defend a DNSBL that "tests" hosts, I think what you saw is more likely evidence of the relay being discovered independently than of a feed from the DNSBL to the spammers.

> But DNSBLs can't solve the problem when spam is sent via botnets.

That's actually true, but not for the reason you imply. DNSBLs can't solve the problem _at all_; it's a social level problem and requires a social level solution. What DNSBLs do is mitigate the damage so that we have at least middling-usable email while solutions evolve at the social level.

Furthermore, you appear to think that all DNSBLs are reactive in nature. This is not true; there are at least a few DNSBLs that proactively list "large indistinguishable pool" addresses. In at least one case, the pools are submitted to them by the providers that run the pools. Using such a list puts a substantial crimp in direct-to-MX spamming.

> If the sending site uses a static IP address that stays static long
> enough to be listed in a DNSBL, it probably isn't unsolicited spam.

"Probably"? What is it you are saying the probability of is high? (Precision is important; there are reasonably plausible interpretations of what you wrote that are almost tautological and there are other reasonably plausible interpretations that are nowhere near true.)

There aren't many addresses, as a fraction of the Internet, that are statically assigned and send spam. But the fraction is definitely nonzero, and they tend to send a lot. DNSBLs work very well indeed against those.

DNSBLs are not a magic bullet. But they are one of the more useful tools - one of the few that is still useful even with large swaths of the net using it.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse@xxxxxxxxxxxxxxxxxxxx
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B