Re: Spamhaus...

[Jon Lewis <jlewis () lewis org>]

I'm really amazed the thread police haven't pulled this one over and 
hauled it off to jail.  The questions of when/whether/and to who bounces 
should be sent is a debate for spam-l or nanae.

IMO, the original question in this thread was on-topic, but unfortunately 
it got very little discussion before things devolved into "why are you 
sending bounces?" and "I suppose you can't read the RFCs."

The original question, "what do you do (or have you done) when DNSBL-X 
approaches you saying that your network is hitting their public NS's too 
hard and wants you to pay for continued access?" is something I'd like to 
see some answers to.  Despite the Subject:, Spamhaus is neither the only 
DNSBL currently doing this nor the first to watch statistics on their 
public NS's and approach networks asking for money and/or cutting off 
access if you don't pay.

Maybe you run a mail cluster that uses DNSBL-X.  Maybe you haven't even 
heard of it, but you have enough customers using it, and querying through 
your caching DNS servers that your network has come up on their radar as a 
"heavy user".  Telling your heavy user customers to stop using your DNS 
cache probably won't help.  I know at least some of these orgs aggregate 
queries either per RIR assigned CIDR or per ASN, so spreading the queries 
out isn't likely to get you around the issue.

So, do you pay, and setup your own local copy of the zones?  Let them 
block your servers/network and let those of your customers who care make 
their own arrangements for continued access?

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________