John Levine wrote:
Some DNSBLs mention that removal requests should come from the person in
charge. Who is that? IMHO, the person in charge for an IP address is the
one mentioned in the corresponding whois record at the relevant RIR. It may
be worth establishing (confirming or denying) that point.
That is much more true in some cases than others. In ARIN territory,
it's fairly rare for space to be SWIPed down to the individual network
IME (in RIPE territory) some connection providers take care to register the
addresses that they allocate "permanently", while others hold that the IP
numbers they provide, even if they are "static", don't actually transfer any
ownership of numbers to their customers.
That is obviously out of scope. However, those practices should have been
standardized already. When talking about what DNSBLs should do, it is hard
to avoid references to the way IPs are allocated. For example:
Tony Finch wrote:
IME as a customer of MAPS, a high proportion of the RBL+'s false positives
that have caused us problems have been caused by MAPS's policy of not
expiring or at least periodically revalidating listings in the RSS. I
particularly remember a problem with an address range that had been
re-allocated to an entirely innocent third party who were suffering
because of data that was several years out of date.
Peter J. Holzer wrote:
On 2008-03-25 22:15:08 -0000, John Levine wrote:
Perhaps, listings based on the observed behavior of the IP should be
temporary. If it's listed because it sends spam, it may well stop
sending spam but if it's listed because it's DHCP space or because
it's in Korea, it won't.
Even that can change. I've seen netblocks move from one European country
to another (within the same provider), and I guess it isn't unusual for
a provider to change an netblock from fixed addresses to dynamic or vice
Once there was a draft about including the word "dynamic" in the reversely
looked up names, in order to tag DHCP addresses appropriately. However,
reverse name delegations are also controlled by connection providers.
MAPS still uses the term "Dial Up List", DUL, even if modem dialling is
nowadays confined to the digital divide ghetto. Spamhaus talks about
"end-user" ip addresses, as if renewed MTAs were not the final users of
the IPs they use. "Residential IP" is some times used to deliver the
concept that ordinary people shouldn't mess up with mail servers. Hm...
Even if IP allocation is not the core of this BCP, I think those concepts
should be clarified, referencing the relevant RFC where apropriate, and
paying attention to the mechanisms that are used when numbers are recycled.
Finally, I'd propose privacy officers as potential readers of this BCP:
They should endorse DNSBLs that they determined to be compliant with best
current practices, for it should be part of patrolling the territory.
Asrg mailing list