« Return to Thread: relays.ordb.org returning positive for everything?
Re: relays.ordb.org returning positive for everything?
by John Rudd
::
Rate this Message:
Aaron Wolfe wrote:
> On Tue, Mar 25, 2008 at 11:50 PM, John Rudd <jrudd@...> wrote:
>> mouss wrote:
>> > ajx wrote:
>> >> It seems your logic is fundamentally flawed for several reasons. By
>> >> returning false positives, you're breaking mail gateways that use this
>> >> once
>> >> useful service. On the contrary, the best way would be to simply return a
>> >> DNS host not found error or a connection refused message when a client
>> >> tries
>> >> to make contact to the service... This would reduce your bandwidth and
>> >> not
>> >> confuse and frustrate any users...
>> >>
>> >>
>> >
>> >
>> > It is your logic that is flawed.
>>
>> > Returing an error brings nothing at
>> > all.
>>
>> Which is exactly why it is better. It brings no false positives.
>> That's infinitely better than returning all false positives.
>>
>>
>>
>> > the error is ignored since it has no practical consequence (except
>> > maybe in some unread log file)
>>
>> Unread/unchecked only by half-assed postmasters who aren't worth their
>> salt, and should thus be fired.
>>
>>
>> A decent postmaster at least generates summaries of traffic (perhaps via
>> cron), and will note that one of their DNSBLs dropped from "lots of hits
>> per day" to "no hits per day", wonders why, and looks into the problem.
>> These responsible postmasters (who may have missed any notification of
>> the impending death of the DNSBL they use) do not deserve to have the
>> headaches caused by generating "all false positives". They will get
>> angry calls from users whose mail was returned to the senders (many of
>> whom will not resend, some of whom are even so lazy as to not even read
>> bounce reports). In short, returning an always block result from a
>> deprecated DNSBL effectively, and inappropriately, penalizes the
>> responsible postmasters who do in fact check the results, and
>> investigate why things changed.
>>
>>
>> A postmaster who doesn't check their logs in any fashion deserves
>> whatever they get. Including having all of the spam sail through
>> unchecked. Or having their domain actually RBL'ed (ie. routed to null)
>> because they've continued to do queries well past any reasonable
>> expiration period.
>>
>>
>> Generate all misses: doesn't penalize the good postmasters, don't care
>> about the effect on the bad postmasters.
>>
>> Generate all hits: penalizes the good postmasters, don't care about the
>> effect on the bad postmasters.
>
> I think you're mistaken. Generating all hits does not penalize a
> "good" postmaster, because no good postmaster will be using an RBL
> that's been dead for over a year.
That's only specific to this case. I'm talking about from day 1 of the
RBL going dark.
> On Tue, Mar 25, 2008 at 11:50 PM, John Rudd <jrudd@...> wrote:
>> mouss wrote:
>> > ajx wrote:
>> >> It seems your logic is fundamentally flawed for several reasons. By
>> >> returning false positives, you're breaking mail gateways that use this
>> >> once
>> >> useful service. On the contrary, the best way would be to simply return a
>> >> DNS host not found error or a connection refused message when a client
>> >> tries
>> >> to make contact to the service... This would reduce your bandwidth and
>> >> not
>> >> confuse and frustrate any users...
>> >>
>> >>
>> >
>> >
>> > It is your logic that is flawed.
>>
>> > Returing an error brings nothing at
>> > all.
>>
>> Which is exactly why it is better. It brings no false positives.
>> That's infinitely better than returning all false positives.
>>
>>
>>
>> > the error is ignored since it has no practical consequence (except
>> > maybe in some unread log file)
>>
>> Unread/unchecked only by half-assed postmasters who aren't worth their
>> salt, and should thus be fired.
>>
>>
>> A decent postmaster at least generates summaries of traffic (perhaps via
>> cron), and will note that one of their DNSBLs dropped from "lots of hits
>> per day" to "no hits per day", wonders why, and looks into the problem.
>> These responsible postmasters (who may have missed any notification of
>> the impending death of the DNSBL they use) do not deserve to have the
>> headaches caused by generating "all false positives". They will get
>> angry calls from users whose mail was returned to the senders (many of
>> whom will not resend, some of whom are even so lazy as to not even read
>> bounce reports). In short, returning an always block result from a
>> deprecated DNSBL effectively, and inappropriately, penalizes the
>> responsible postmasters who do in fact check the results, and
>> investigate why things changed.
>>
>>
>> A postmaster who doesn't check their logs in any fashion deserves
>> whatever they get. Including having all of the spam sail through
>> unchecked. Or having their domain actually RBL'ed (ie. routed to null)
>> because they've continued to do queries well past any reasonable
>> expiration period.
>>
>>
>> Generate all misses: doesn't penalize the good postmasters, don't care
>> about the effect on the bad postmasters.
>>
>> Generate all hits: penalizes the good postmasters, don't care about the
>> effect on the bad postmasters.
>
> I think you're mistaken. Generating all hits does not penalize a
> "good" postmaster, because no good postmaster will be using an RBL
> that's been dead for over a year.
That's only specific to this case. I'm talking about from day 1 of the
RBL going dark.
« Return to Thread: relays.ordb.org returning positive for everything?
| Free Forum Powered by Nabble | Forum Help |