[RPZ] RPZ Findings.

Raymond Dijkxhoorn raymond at prolocation.net
Thu Dec 20 22:56:46 UTC 2012

Hello Vernon,

>> While i do understand your point of view i dont understand that
>> you are missing the point of a checked corpus. I do understand this
>> is also subject to point of view but without more input i dont
>> understand what this scoring tells me at all.

> Why do you care about any corpus of IP addresses or any other signs
> collected by others in the past?  Your situation differs.  Any fixed
> corpus will be from the distant past by the time you hear about it.

Its depending of your point of view on the world. If a RPZ provider lists 
lets say 'bit.ly' and the number of hits is impacted by that. Its a 
different situation then its all mallware ...

So the measured results do matter.

If in end end you say a better number is higher, and this RPZ provider 
accidently listed lets say gmail.com is this good or bad? I dont know. So 
i would like to see what these percentages hit on.

Without giving more results indepth its nice to see, but still doesnt tell 
me much. Expect that one RPZ provider did 'better' then they other. In 
what way i dont know. If its FP's then the lower percentage would be more 
ok for me personally.

> I disagree.

> I've a guess about the identity of the site, but that is evidently
> also non-public information.

Will follow up with the original poster in private to see if that can be 

> The message also told me that if I were considering RPZ with free
> policy zones, I might start with Spamhaus.
> It also might set a lower bound on a commerical policy zone's hit rate.

If you consider free RPZ you will neither pick SURBL or SpamHaus since 
they both are commercially available only as far as i know.

Please do note that i dont care at all if people use one RPZ over the 
other. Fine if people use them. If i gave you the impression i favour one 
over the other out of personal interest, thats not the right one. Fine if 
you use SH, fine if you use anything else. Thats seperate of the question 
that i would love to see more in detailed results of this test.


More information about the DNSfirewalls mailing list