> At 1:18 AM -0500 12/9/08, Theodore Tso wrote:
> >This doesn't work for most people, but I had fun composing this
> >response, and coming just a few weeks after people claiming that
> >IP-based blacklists work well, and rarely result in false positives, I
> >felt I just had to share. :-)
>
> I don't understand. A site has a *local* blacklist:
>
> > Delay reason: SMTP error from remote mailer after end of data:
> > host rhun.apana.org.au [64.62.148.172]: 451-sender IP address 69.25.196.31 is locally blacklisted here. If you think
> > 451 this is wrong, please call +61289874478.
>
> Why do you think that this is relevant to the earlier discussion? That local
> administrator could just as easily have blocked your site by domain name.

Sadly, it is no less relevant than many of the responses that were posted in the earlier thread. I was and continue to be somewhat appalled by the various types of sloppy thinking that have manifested during this discussion.

First and foremost, personal anecdotes are not the best evidence. In fact they are barely evidence at all. For example, let me describe my latest blocked email episode.

I run a small server that hosts a few users and some small mailing lists - 1000 members or thereabouts is about the largest list I have. I recently noted a bunch of addresses failing on one of my lists. Investigation revealed that I had run afoul of a local blacklist operated by a small ISP. I rarely bother to pursue such things because good outcomes are rare, but checking out their web site I thought they sounded reasonably clueful (references to rfc-ignorant.org and such), so I decided it was worth pursuing.

I contacted them and was informed that while my address was clean, there was another address close by that was emitting spam that they had had to block. I asked them why they couldn't just block the specific address and was told they can only block entire ranges. And the minimum range size for them appears to be so large that the offending address isn't even associated with my ISP!

Long story short, I've been screwed by an incompetently implemented local blacklist. Not to belabor the obvious, but this would not have happened had they opted to use, say, an appropriate Spamhaus list. (I checked and found my address is not listed and the offending address is.) Nor would it have happened had they followed the implementation practices described in the DNSBL documents - they would have been able to block the offending address without blocking me as well.

So does this personal experience mean that DNSBLs are a great idea? Of course it doesn't - it's just one case and probably representative of nothing. But the same holds for all of the other personal anecdotes people have posted.

Second, the fact that 10 years ago you set up sendmail for the computer club at your college doesn't make you an expert on modern large scale email systems administration. The operational concerns for large-scale email setups today are very different from those that would have applied to small scale setups a few years back. I'm not going to get into the insight real operational experience provides because I also lack the necessary operational experience to have an informed opinion. There are, however, several folks who do have experience with large scale email operations who have posted in this thread and other similar ones here. These are opinions that should be valued, especially when that experience doesn't jibe with your own. And yet the overall response to such postings has IMO been fairly dismissive if not outright condescending.

Third, while it may be the case that large ISPs and MSPs appear to many to be large, utterly impersonal edifices, the fact of the matter is that people do complain to them when they believe their email has been lost or even delayed. And the cost of handling complaints is considerable, which means that considerable effort goes into trying to minimize the amount of lost mail. (I have responded to or commented on so many RFPs for improved filtering that cite "reduce customer complaints about false positives" that I feel entirely justified in making these assertions.) Mechanisms that have high false negative or positive rates are quickly abandoned in practice, so the fact that many if not most large ISPs and MSPs use DNSBLs really does count for something.

So the next time you decide to post a message about how your poor Saintly Aunt Millie had a problem sending email to Uncle Harry a few years back and as a result DNSBLs (or whatever the email topic du hour is) suck ass now and forevermore, please do us all a favor and repurpose those electrons and instead send an email to the person you know who took a job at <randomlargeisp> and now runs their email setup asking for his or her opinion. You might even be surprised at what you hear.

Ned

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
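The failure mode Ned describes above (a local blacklist that can only reject whole address ranges, so a clean sender is rejected along with one spam source nearby) contrasts with the per-address lookup a DNSBL performs. The following is an added illustration, not code from the thread or from any of the lists it mentions: it builds the reversed-octet DNSBL query name, checks a single address against a constructed stand-in for the DNSBL's DNS answers, checks the same address against a constructed range-only local blacklist, and counts the collateral addresses the range policy rejects that the address-level list does not. The zone name `dnsbl.example`, the listed records, the blocked network and the TEST-NET-1 addresses are all assumptions made for the example; a real deployment would resolve the query name with DNS instead of consulting a dictionary.

```python
"""Added illustration (not part of the thread): address-level DNSBL listing
versus range-level local blocking, and the collateral damage the latter causes."""
import ipaddress

# Hypothetical DNSBL zone name. The query format (octets reversed, zone
# appended) is the convention DNS-based blocklists use, documented in RFC 5782.
DNSBL_ZONE = "dnsbl.example"

# Constructed stand-in for DNS answers: only the single spam source is listed.
# Addresses are from the TEST-NET-1 documentation range, not real hosts.
LISTED_RECORDS = {
    "45.2.0.192.dnsbl.example": "127.0.0.2",
}

# Constructed "local blacklist" that can only express whole ranges, as in the
# ISP Ned describes, so it sweeps up every address in the /24.
RANGE_BLACKLIST = [ipaddress.ip_network("192.0.2.0/24")]


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the DNSBL query name: octets reversed, then the zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(addr.exploded.split(".")))
    return f"{reversed_octets}.{zone}"


def dnsbl_listed(ip: str, records: dict = LISTED_RECORDS) -> bool:
    """Address-level check: listed iff the exact query name has an A record.

    A real implementation would resolve the name with DNS; here the
    constructed table stands in for the resolver's answer."""
    return dnsbl_query_name(ip) in records


def range_blocked(ip: str, networks=RANGE_BLACKLIST) -> bool:
    """Range-level check: blocked if the address falls inside any listed network."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in networks)


def collateral(networks=RANGE_BLACKLIST, records=LISTED_RECORDS) -> list:
    """Addresses the range policy rejects that the address-level list does not.

    These are the innocent senders (such as Ned's server) that a range-only
    blacklist takes down along with the one spam source."""
    hit = []
    for net in networks:
        for addr in net:
            if not dnsbl_listed(str(addr), records):
                hit.append(str(addr))
    return hit


def decide(ip: str) -> dict:
    """Show both policies side by side for one connecting sender."""
    return {
        "ip": ip,
        "dnsbl_listed": dnsbl_listed(ip),
        "range_blocked": range_blocked(ip),
    }


if __name__ == "__main__":
    # 192.0.2.45 is the constructed spam source; 192.0.2.10 is a clean neighbour.
    for sender in ("192.0.2.45", "192.0.2.10"):
        print(decide(sender))
    print(f"collateral addresses rejected by the range policy: {len(collateral())}")
```

Running the block shows the clean neighbour accepted by the address-level check and rejected by the range check, with 255 collateral addresses in the constructed /24 for a single listed host; that gap is the false-positive cost a range-only local blacklist carries that a properly implemented per-address DNSBL lookup does not.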