DNS Blacklists Considered Harmful
As spam continues to grow throughout the Internet, various countermeasures have been developed. Among these is the "DNS blacklist", a DNS server configured to return a "good" or "bad" response to a query on a given IP address; mail servers can be configured to automatically query such a server and reject messages which are flagged "bad". If the blacklist is accurate, this allows mail servers to reject spam without wasting the time of the human recipient or the resources of the server. However, between delays in responding to environmental changes and arbitrary operational decisions by blacklist operators, such blocking of mail in fact causes significant harm to innocent third parties. This memo describes the issues concerning these blacklists and suggests ways to resolve the attendant problems.
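The lookup described above, as an added example that is not part of the memo: it builds the query name a mail server sends to a blacklist and turns the answer into an accept/reject decision, including a stale listing that blocks an address after it has changed hands. Assumptions: the zone `dnsbl.example`, the stub resolvers and the sample listing are constructed; the reversed-address query name and the 127.0.0.0/8 "listed" answer follow the usual DNSBL convention rather than anything stated in the memo; accepting mail when the blacklist is unreachable is this example's choice.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical blacklist zone (assumption, not from the memo)

def dnsbl_query_name(ip, zone=ZONE):
    """Build the name a mail server looks up: reversed octets (IPv4) or
    reversed nibbles (IPv6), followed by the blacklist zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def check_sender(ip, resolve, zone=ZONE):
    """Return 'reject' if the address is listed, otherwise 'accept'.
    resolve(name) returns the A records for name, [] when the name does
    not exist, and raises OSError when the blacklist cannot be reached.
    An unreachable blacklist is treated as 'accept' (fail open)."""
    try:
        answers = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        return "accept"
    # By convention a listed address answers with a 127.0.0.0/8 record.
    listed = any(a.startswith("127.") for a in answers)
    return "reject" if listed else "accept"

# Constructed zone data: 192.0.2.25 was listed while a spammer held it.
# The address has since been reassigned, but the entry was never removed,
# so the new holder's mail is still rejected.
SAMPLE_ZONE = {"25.2.0.192.dnsbl.example": ["127.0.0.2"]}

def sample_resolve(name):
    """Stub resolver backed by the constructed zone data above."""
    return SAMPLE_ZONE.get(name, [])

def unreachable_resolve(name):
    """Stub resolver that simulates a blacklist server that does not answer."""
    raise OSError("blacklist server timed out")

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "2001:db8::1"):
        print(ip, dnsbl_query_name(ip), check_sender(ip, sample_resolve))
    print("unreachable:", check_sender("192.0.2.25", unreachable_resolve))
```

The decision depends only on what the blacklist operator currently publishes; the receiving server has no way to tell a stale entry from an accurate one.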