On Dec 18, ph10@??? (Philip Hazel) wrote:
> > It would be nice to be able to do spam control from one location.
>
> <details of using DNS snipped>
>
> That is an interesting idea. I know that some sites that want to share
> this kind of information are using NIS or NIS+ to do it. Your idea of
> using DNS TXT records as a kind of database has a certain attraction.
>
> The rules for doing that kind of lookup would be just to add the given
> extension onto the key, and then look for a TXT record. Hmm. Not quite.
> Since DNS domain names have a restricted set of permitted characters,
> there would have to be rules for handling the rest. In practice it's
> probably only @ that matters, and this could be turned into . as you
> suggest.
> One disadvantage I see to using this kind of lookup for spam filtering
> is that the DNS isn't the sort of thing you really want to be updating
> often, at short notice, and slamming in a spam filter quickly is
> something one sometimes wants to do. If your mail systems are spread
> around a large network with several secondary nameservers, a DNS update
> will take some time to propagate.
I think that wider coverage where a very large number of machines start
to pay attention to the filter automatically would be very beneficial
even if it is a bit slower. The can also be reduced at the expense of a
higher refresh rate by keeping the TTL low. Say on the order of a few
hours at most.
I wonder how many mail admins would point their mail server at
blacklist.aol.com if it was available? Heck, if it was accurate
many companies might even pay for the privilege.
Interestingly this scheme also works for domains that are not valid.
If I send out my email with this_is@not_a_valid.domain.com, that
address can be added to the blacklist.
We don't even have to timeout on the main DNS lookup first. Do the
blacklist check first and die immediately.
--
Stuart Lynne <sl@???> 604-933-1000 <http://www.poste.com>
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00 88 EC A3 EE 2D 1C 15 68