[Chapter-delegates] on DNSBL (was "no subject")

Thu Feb 2 03:35:08 PST 2012

Hi people,

The major problem we have noticed here (operating non-profit Internet
services for NGOs since 1989 in BR) is not related to the importante,
relevance and need of such services, but, let us put it mildly, on the
corporate approach of some services which will resort to questionable
practices to sell their anti-spam services, poor communication
practices, or the "guilty-on-suspicion" approach which in several cases
cause grave losses to legitimate ISPs. They certainly do not adhere to
RFC6471 to say the least.

If one of your IPs is blocked by Barracuda, there is absolutely no way
to obtain from them the precise reason for it. This is also the case of
many non-profit services, in which the approach is to block in response
to any complaint (you are guilty until proven innocent, which in itself
is irresponsible at a minimum). To unblock, in most cases there is a
hard via-crucis to try and unblock and the legitimate server owner will
never know the precise reason for the blocking, because many of these
services do not provide proper info on these reasons or clear means of
contact.

Cases like Barracuda are different because their main purpose is to sell
anti-spam software, not to help protect the net against bad practices.
If one of your IPs is blocked, you just fill an online form and it will
be automatically unblocked -- you will never know why it was blocked,
but you do know that it will be blocked again randomly in the future --
until you purchase their system. This happens frequently to our main
mail server, no matter what we do to prove to them that is a legitimate,
perfectly identifiable server, and not one of the typical spam machines
around.

Our Internet services project operates on free and open source software,
by the way, and there is no way the Barracuda execs will make us give
them money to buy proprietary stuff in order to stop what for me amounts
to a form of blackmailing. I mean, they have our DNS manager's email,
they have our full address, they could just let us know there is a
problem (could be done automatically) *before* blocking, but their
purpose is of another nature...

[]s fraternos

--c.a.

On 02/02/2012 07:34 AM, Franck Martin wrote:
> There are only a few good public DNSBL. The best one, I think
> personally, is the aggregator from spamhaus zen.spamhaus.org. There
> are one or two more you should consider, and the others are not worth
> the DNS query for a production mailserver but still interesting as a
> data point..
> 
> There are IETF documents about DNSBL: 
> http://tools.ietf.org/html/rfc6471 
> http://tools.ietf.org/html/rfc5782
> 
> This will help you in choosing which service is best for your mail
> server.
> 
> Getting delisted is sometimes difficult, but it always start by
> following the process published by the person doing the block. If no
> process is found, then write to support or postmaster.
> 
> Be courteous, and ask for more information on the reason of the block
> and what do you need to do to be removed.
> 
> The important part to remember:
> 
> "getting an email delivered to someone mailbox is a privilege not a
> right"
> 
> once you understand that, you will be more privileged.
> 
> PS: I don't think barracuda runs a racket, because many people do not
> use their solution and have no issue sending to barracuda customers,
> however like any system, it has its shortcomings.
> 
> _______________________________________________ Chapter-delegates
> mailing list Chapter-delegates at elists.isoc.org 
> https://elists.isoc.org/mailman/listinfo/chapter-delegates
> 