An open letter to DNSStuff

Over on, you'll find my open letter to DNSStuff, where I take them to task for providing incorrect and out-of-date information in their blacklist lookup tool results, even after being warned (and not just by me).

Dear DNSStuff,

You call your site “the center of the DNS universe” and position yourselves as experts on DNS, but it's time for me to question the DNSBL data and advice you hand out.

On multiple occasions, you've portrayed blacklisting issues as significant by returning blacklist results for certain DNSBLs, even though those lists don't drive any significant blocking issues (or don't block any spam) because they're dead or severely broken.

I've been around the block long enough to know that not every blacklist hit means there's an issue you need to worry about. Some lists have been dead for many months, and others list half the earth. In both of those instances, they're not really blacklists any more as much as historical artifacts waiting to be shut down and carted away.

If DNSStuff is going to continue to provide a widely used blacklist lookup tool, it's time to refine that tool so that it's actively maintained, and change the process so that DNSBL experts are actually involved in its upkeep. I'm not angling for a job here; I've already got one. But clearly, this section of your website needs more direct and active oversight, including involvement from people with significant DNSBL expertise.

Why? Well, let's start with a recap of how that whole APEWS restriction/transition was handled by DNSStuff.

I contacted Kristina O'Connell, DNSStuff's VP of Marketing, on August 18, 2007. In that email I explained to her how DNSStuff is incorrectly telling the whole entire world that it is listed on APEWS. UCEProtect had revoked its hosting of the APEWS zones five days previously and subsequently decided to replace the zone with a wildcard entry, to nudge sites to stop using the zone. As this is how DNSStuff was checking APEWS, it was returning data that was scaring email administrators unnecessarily.

She forwarded that email to Kevin Hutchins from DNSStuff support, who responded to me two days later, on August 20, 2007. Kevin explained that DNSStuff was already aware of the issue, and that they had to ask UCEProtect to put in a special text entry to “buy [DNSStuff] some time” to update their DNSBL tool and that they hoped to fix the problem sometime that week. He also went on at length about their responsibility to not judge a list and how they should continue to show all public DNSBLs, to provide a full picture of the space.

All fine and good – except that's not only what they're doing. They're also showing broken lists (APEWS) and dead lists (SPEWS). Leaving them in place produces a myriad of false positives, especially in the case of the UCEProtect APEWS zone.

Kevin also indicated that I was definitely not the only person to raise this issue to them recently.

This has been resolved – finally. I don't know exactly when, but they do seem to be querying APEWS directly now. It was only broken for days.

But wait – maybe it's not all fine and good. APEWS has blacklisted the IP address of DNSStuff's web server. Why? Does DNSStuff send spam? Or is APEWS an overly aggressive, broken list that shouldn't be relied upon?

And then there is SPEWS. Just the other day, I ran across this thread on the DNSStuff Discussion Boards, where a paying DNSStuff user points out how the SPEWS blacklist has been dead for more than a year. He's right: It's dead and gone. The website still sits there, and who knows, maybe it could come back someday. But for now, it's frozen and not usable. The SPEWS data files are empty.

Kevin's answer in this thread is that they'll consider adding another asterisk of “not to be used.” As opposed to “doesn't exist,” or removing it because it no longer exists. In my opinion, that's not good enough. It doesn't stop the poor souls, who are not DNS experts, from thinking they have an issue, from running around asking for help, trying to solve an issue that doesn't actually exist.

As a long-time participant in various Usenet newsgroups relating to spam fighting, I'm one of a multitude of first-hand observers who've watched as system administrators come to these newsgroups begging for assistance. Why? Not because they saw a piece of mail being blocked; not because they've got a reject message in hand linking them to a specific DNSBL, but because they put their IP address into a webform on and were informed that they were blacklisted, because DNSStuff told them that they were.

For DNSStuff to continue to show SPEWS in lookup results is laughable. It's the exact opposite of expertise. Please, fix it. Please, bring actual DNSBL experts in to help you build a better tool.

I know you read my site – as you've reached out to me, looking for my help in the past. So I know you'll see this letter. I hope you'll heed this wakeup call.

Al Iverson and
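
The two failure modes the letter describes, a zone replaced by a wildcard entry and a list whose data is empty, can be detected before a lookup tool reports any hit. The sketch below is an added example, not code from the letter or from DNSStuff: it probes each zone with the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) and ignores zones that fail. The zone names, `sample_listed` and the sample entries are hypothetical stand-ins so it runs offline.

```python
import socket

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(name):
    """True if the name resolves to an A record (live DNS lookup)."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def zone_health(zone, listed=dns_listed):
    """Classify a zone using the RFC 5782 test entries."""
    has_test_entry = listed(query_name("127.0.0.2", zone))  # must be listed
    lists_loopback = listed(query_name("127.0.0.1", zone))  # must not be
    if has_test_entry and lists_loopback:
        return "wildcard"  # answers for every address, like the revoked zone
    if not has_test_entry:
        return "dead"      # empty or abandoned zone
    return "healthy"

def check_ip(ip, zones, listed=dns_listed):
    """Report hits from healthy zones only; flag the others as unusable."""
    report = {}
    for zone in zones:
        health = zone_health(zone, listed)
        if health != "healthy":
            report[zone] = "ignored (" + health + " zone)"
        elif listed(query_name(ip, zone)):
            report[zone] = "listed"
        else:
            report[zone] = "not listed"
    return report

# Constructed sample data: hypothetical zones under .example, no network used.
SAMPLE_ZONES = ["good.dnsbl.example", "wild.dnsbl.example", "dead.dnsbl.example"]
GOOD_ENTRIES = {"2.0.0.127.good.dnsbl.example", "10.2.0.192.good.dnsbl.example"}

def sample_listed(name):
    """Stand-in resolver: one zone is wildcarded, one is empty, one is sane."""
    return name.endswith(".wild.dnsbl.example") or name in GOOD_ENTRIES

if __name__ == "__main__":
    for zone, verdict in check_ip("192.0.2.10", SAMPLE_ZONES, sample_listed).items():
        print(zone, "->", verdict)
```

Not every real list publishes the RFC 5782 test entries, so a "dead" verdict from this check is a prompt to verify the list's status, not proof that it has shut down.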