On Mon, 30 Jan 2017 09:39:00 +0000 Simon Forster <simon-lists@ldml.com> wrote:
Considering that DNSBL tech is "reactive" (after he abuse)
This statement appears to be exclusionary — and is one often levelled against DNSBLs. All DNSBLs are not wholly reactive.
Firstly, one needs to acknowledge that all DNSBLs are not they same.
Yes, but they can be easily categorized into general groups
Secondly, some listings in some DNSBLs are proactive. i.e. Made before abuse is seen. As I work for the commercial arm of Spamhaus, I know their offerings quite well and can confidently state that some of the Spamhaus block lists contain proactive and/or precautionary listings. I imagine SURBL does likewise. Other block lists probably have similar policies / inputs. Simon
Thank you for that, so the grouping here is DNSBL that block pro actively (and without actual abuse) and DNSBL that block after evidence of abuse Can you comment on the method of de listing - auto de list after x time and/or no de-listing until removal request? Do the time periods of auto de-list take into consideration past abuse? And, in your obvious experience - when DNSBL blocks pro actively - does your de listing require adjustments or are they in step with what you are seeing?
The block time policies of RBLs *********************************** There are two main types of block lists: No automatic removal and automatic removal
Is the policy to auto de-list after a period of time, still accurate?
Considering the change in abuse patterns and technology, should the block times be increased or de-creased?
Does society require more specialist non auto de-list DNSBLs? (Would it be helpful to law enforcement to have a "child pornography" dnsbl? or a phish dnsbl? - or is the reactive time to high in order for dynamic ipv4? - but on ipv6 allocations to devices could be more 'permanent'? etc)
Andre