[SLL] collaborate on a dnsbl?

Russell Evans russell-evans at qwest.net
Thu May 12 22:08:20 PDT 2005 

On Thu, 12 May 2005 14:47:13 -0700 (PDT)
"Chuck Wolber" <chuckw at quantumlinux.com> wrote:

> On Thu, 12 May 2005, Russell Evans wrote:
> 
> > spf seems a better way for blocking mail from infected hosts. 
> > http://spf.pobox.com/
> 
> That's not how SPF works. SPF only says what hosts are allowed to send
> email for a given domain. It's entirely feasable for a host within
> that  realm to be infected somehow.

You're perfectly right, my assumption was mail servers on a domain
specified via spf would be more protected and much less to not likely be
infected, but in the case they aren't:

If there are 14 million domains, say with an average of 4 mail servers
per domain specified via spf, then we have 56 million target hosts.

It looks like ordb has 255,000 hosts in its rbl, depressingly it looks
very steady. 
 http://ordb.org/statistics/relaycount/

Interesting, by SMTP server
 http://ordb.org/statistics/daemons/
 
350 million hosts on the internet
 http://www.isc.org/index.pl?/ops/ds/

14 million domains
 http://www.nw.com/zone/WWW/dist-bynum.html

255,000 rbl hosts / 350 million hosts x 56 million targets = 40800
statically infected mail servers in a spf world

350 million hosts / 14 million domains = 25 host per domain
( at 25 hosts per domain, I think my assumption of 4 mail servers per
domain is high. It probably only averages 2 per domain - 20400
statically infected mail servers)

Because spf is domain based, spam could be blocked by domain rbls 
 40800 infected servers / 25 hosts per domain = 1632 domains needing to
be blocked.

Even though I think the assumption on the average number of mail servers
per domain being four is double and I think the 255,000 hosts in the
ordb are not only infected hosts, it still seems pretty manageable. 

It would really be interesting to see the total number of hosts in all
the rbls.  Maybe it is double or more the number in the ordb. All the
hosts in every black lists would need to number 156 times the 255000
ordb hosts, this would be ~40 million, to have a spf black list be as
large as the ordb. That would mean 11% of the hosts on the Internet
would need to be infected today. I wish I could find a number on the
total number of infected hosts on the Internet today.. 

Ok so what's my point? No clue. I was hoping the numbers would show its
possible only to use spf, but I think I showed a spf rbl is still
needed. Oh well.

Thank you
Russell

More information about the linux-list mailing list