Speaking of Spamhaus, this just popped up in my RSS feed reader. It looks like Spamhaus is going to take a harder stance against users who query their lists via open or public DNS systems (such as Google Public DNS or Cloudflare's 1.1.1.1 Service). They're going to respond to all queries from public/open DNS systems with a new 127.255.255.254 answer code, and respond to excessive queries from other sources with a new 127.255.255.255 response code. The net here is that if you query Spamhaus a lot, and aren't a registered, paying user, or if you use public DNS services for even your small hobbyist server, you're going to get cut off.
And based on the way this is implemented, it's possible that a bunch of legitimate mail will start bouncing before all Spamhaus users figure it out.
Even on my own hobbyist Linux box, I'm likely to run afoul of this. Instead of running my own DNS server, I just use Google's public DNS, and I use Spamhaus's "Zen" blocklist in my Postfix email server. Or at least I did, until I removed that DNSBL from the mail server configuration just now.
Stay tuned. I bet we're going to start seeing people popping up to ask why they're suddenly not receiving any more inbound mail.
Click here to head on over to Spamhaus to read the announcement.
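As an added example (not code from this post or from Spamhaus), here is one way a mail filter could tell the two new codes apart from a real listing, so a blocked resolver does not turn into bounced mail. The function names are hypothetical, and it assumes genuine listings are answered from 127.0.0.0/24.

```python
import ipaddress
import socket

# The two new answer codes named in the post above.
PUBLIC_RESOLVER = ipaddress.ip_address("127.255.255.254")
EXCESSIVE_QUERIES = ipaddress.ip_address("127.255.255.255")
# Assumption: genuine listings are answered from 127.0.0.0/24.
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")


def dnsbl_name(client_ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify(answers):
    """Map the A records of one DNSBL answer to a verdict string."""
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        return "not_listed"              # NXDOMAIN: no record for this IP
    if PUBLIC_RESOLVER in addrs:
        return "error:public_resolver"   # query arrived via an open resolver
    if EXCESSIVE_QUERIES in addrs:
        return "error:excessive_queries"
    if any(a in LISTING_NET for a in addrs):
        return "listed"
    return "error:unexpected"            # unknown code: never treat as a listing


def should_reject(answers):
    """Reject mail only on a real listing; error codes fail open."""
    return classify(answers) == "listed"


def lookup(client_ip, zone="zen.spamhaus.org"):
    """Live query through the system resolver (needs network access)."""
    try:
        return socket.gethostbyname_ex(dnsbl_name(client_ip, zone))[2]
    except socket.gaierror:
        return []                        # NXDOMAIN or resolver failure


if __name__ == "__main__":
    # Constructed sample answers, so this runs without touching the network.
    for sample in (["127.0.0.2"], ["127.255.255.254"], ["127.255.255.255"], []):
        print(sample, classify(sample), should_reject(sample))
```

Logging the two `error:` verdicts is worthwhile: they mean the blocklist has stopped filtering for that server until it queries through its own resolver.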
Comments
Why did they do this?
Nowhere on their Usage page or Usage FAQ (even under the topic "Must I run my own DNS server to use DNSBLs") do they say you can't use a public DNS if you are using their free service.
If you didn't see their news post today you wouldn't know you are doing something wrong until you had it all set up and started looking at the return codes because you were not getting any mail.
Did I miss something?