-----BEGIN PGP SIGNED MESSAGE-----
Tony Finch wrote:
On Thu, 25 Jan 2007, Martin Hannigan wrote:
By tracking the historical behavoir of /32's or larger allocations, we
could develop a profile of the behaviors that will eventually establish
a baseline for those allocations as "good" "nuetral" or "bad", to keep
it kind of simple. A lot of this data is already out there.
Yes, blacklists do this already, though they are binary not ternary.
That's not necessarily true. Many DNSBLs are already multi-valued
(zen.spamhaus.org presently has 6 independent "flags"), and they can be
constructed to be more sophisticated with as many as 2^24 values on a
single return, and/or being used in scoring. It's simply a matter of
deciding on the convention, publishing it, and having admins configure
to the intended interpretation (or not :-(.
... Since they are allocated out of IANA, they
would be legitimate to most RBL's until they were caught in the act, but
by the time they are observed, the allocations are swapped.
You are assuming that blacklists are necessarily based on post-hoc
observation the outgoing email behaviour of IP addresses, and that there
are no blacklists that are based on prior information such as allocations
and hijacking. However, you are wrong: an old example is the DUL, but for
something closer to what you have in mind, have a look at
I was going to mention that...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Asrg mailing list