From asrg-bounces@ietf.org Mon Mar 24 11:27:04 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.8 required=4.0 tests=AWL,BAYES_00, RCVD_IN_BSP_OTHER,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1206986071.89314@G4j0TFGkpFJLoWbmfEbHwQ X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Mon, 24 Mar 2008 11:27:04 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2OHsPaJ027721 for ; Mon, 24 Mar 2008 13:54:30 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F27973A6E9A; Mon, 24 Mar 2008 10:56:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r6UlkqC-9Sdo; Mon, 24 Mar 2008 10:56:02 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 84A823A6EB8; Mon, 24 Mar 2008 10:56:01 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AF9A53A6EC0 for ; Mon, 24 Mar 2008 10:56:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KrrJFgdLkApz for ; Mon, 24 Mar 2008 10:55:59 -0700 (PDT) Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by core3.amsl.com (Postfix) with ESMTP id 21D183A6EB6 for ; Mon, 24 Mar 2008 10:55:55 -0700 (PDT) Received: (qmail 2737 invoked from network); 24 Mar 2008 17:53:36 -0000 Received: from simone.iecc.com (208.31.42.47) by mail1.iecc.com with QMQP; 24 Mar 2008 17:53:36 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 24 Mar 2008 17:53:36 -0000 Date: Mon, 24 Mar 2008 13:53:36 -0400 (EDT) From: John Levine To: Anti Spam Research Group Message-ID: User-Agent: Alpine 1.00 (BSF 882 2007-12-20) Cleverness: None detected MIME-Version: 1.0 Content-ID: Subject: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean We finally have a revised draft of the BCP for blacklists. Take a look and see what if anything merits changes. Keep in mind that this is a separate document from the one that describes how blacklists work. Both are linked from the wiki http://wiki.asrg.sp.am. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly. ---------- Forwarded message ---------- Date: Mon, 24 Mar 2008 17:18:00 +0000 (UTC) From: Internet-Drafts@ietf.org To: i-d-announce@ietf.org Newsgroups: iecc.lists.ietf Subject: I-D Action: draft-irtf-asrg-bcp-blacklists-01.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Guidelines for Management of DNS Blacklists for Email Author(s) : C. Lewis, M. Sergeant Filename : draft-irtf-asrg-bcp-blacklists-01.txt Pages : 14 Date : 2008-03-24 The rise of spam and other anti-social behavior on the Internet has led to the creation of shared blacklists and whitelists of IP addresses or domains. This memo discusses guidelines for management of public DNS blacklists (DNSBLs). The document will seek BCP status. Comments and discussion of this document should be addressed to the asrg@ietf.org mailing list. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-irtf-asrg-bcp-blacklists-01.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 09:27:04 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-1.1 required=4.0 tests=BAYES_05,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207064979.65686@zahRtiJDeHlrD0kBkVhsNA X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 09:27:04 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PFnYwU006293 for ; Tue, 25 Mar 2008 11:49:39 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AC6E528C50F; Tue, 25 Mar 2008 08:51:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wGIBIHiFrgw3; Tue, 25 Mar 2008 08:51:00 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3A1E63A6BAE; Tue, 25 Mar 2008 08:51:00 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C86043A6B0A for ; Tue, 25 Mar 2008 08:50:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IIAoATvwWrlU for ; Tue, 25 Mar 2008 08:50:52 -0700 (PDT) Received: from wmail.tana.it (unknown [194.243.254.163]) by core3.amsl.com (Postfix) with ESMTP id 50C3828C4F2 for ; Tue, 25 Mar 2008 08:50:06 -0700 (PDT) Received: from [122.225.128.115] ([122.225.128.115]) (AUTH: CRAM-MD5 ale@tana.it, TLS: TLSv1/SSLv3,256bits,AES256-SHA) by wmail.tana.it with esmtp; Tue, 25 Mar 2008 16:47:31 +0100 id 000CA699.47E91E94.0000354C Message-ID: <47E91E9B.3040707@tana.it> Date: Tue, 25 Mar 2008 23:47:39 +0800 From: Alessandro Vesely User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Anti-Spam Research Group - IRTF References: In-Reply-To: Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean John Levine wrote: > We finally have a revised draft of the BCP for blacklists. Take a look > and see what if anything merits changes. As a newbie, I post my opinion in the hope that it can be a useful feedback. | a private DNSBL is used solely by an | organization for its own use and the data is not made available | publicly. I would drop "solely". Even if the data cannot be looked up, there may be forwarding agreements. For example, Hotmail allows postmasters to subscribe in order to be informed about spam reports related to their IP addresses. | This document is also intended to provide guidance to DNSBL | administrators so that [...] Why "also", isn't it the primary purpose? (I'd say there is no substantial difference between DNSBL operators and administrators.) Rather, I would mention there that the document also provides guidance for DNSBLs users, in view of the section that follows. BTW, a section is missing about end users' role in reacting to bounces. | 6. Are web pages for removal requirements accessible and working | properly? That they are working properly is too difficult to assess, for a user. I would add two points to that list: * If at all possible, system admins should allow their customers to configure which DNSBLs they want to disable for their mail, if any. * System admins should make sure they don't lock out their own customers. (This sounds obvious, but since the corresponding recommendation is made for DNSBL admins...) | 2.2.2. A Direct Non-Public Way to Request Removal SHOULD Be Available Some DNSBLs mention that removal requests should come from the person in charge. Who is that? IMHO, the person in charge for an IP address is the one mentioned in the corresponding whois record at the relevant RIR. It may be worth establishing (confirming or denying) that point. BTW, is it a good practice to send listing/removal notices to the relevant postmaster or abuse addresses? | 2.2.3. Removals SHOULD Be Prompt | | Requests for removal SHOULD be honored without question. [...] That section apparently assumes more about a DNSBL's policy than the rest of the BCP. For example, a previous section considers listings associated with geographic information. Aren't there valid exceptions for automatic delisting? | 2.2.4. SHOULD Have Similar Criteria for Listing and Delisting "Criteria for Listing and Delisting SHOULD be symmetrical." Sounds better? | 3.4. Shutdowns MUST Be Done in a Graceful Fashion Since it has been mentioned that commercial DNSBLs exist, it may make sense to recommend that they use adequate renewal methods. (For example, Trend Micro is still missing a credit card based self-renewal web page.) _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 09:27:06 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.7 required=4.0 tests=AWL,BAYES_00, RCVD_IN_BSP_OTHER,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207066233.05472@aqSiCVDe/jZ9GzWVSGtCoQ X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 09:27:06 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PGAPtP013939 for ; Tue, 25 Mar 2008 12:10:30 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4C1E53A6F16; Tue, 25 Mar 2008 09:12:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q2BJEBxxbm85; Tue, 25 Mar 2008 09:12:22 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 03AD228C44A; Tue, 25 Mar 2008 09:11:59 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B85933A6F26 for ; Tue, 25 Mar 2008 09:11:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SG10YS-Ehn5b for ; Tue, 25 Mar 2008 09:11:56 -0700 (PDT) Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by core3.amsl.com (Postfix) with ESMTP id E891128C53D for ; Tue, 25 Mar 2008 09:10:16 -0700 (PDT) Received: (qmail 58846 invoked from network); 25 Mar 2008 16:07:57 -0000 Received: from simone.iecc.com (208.31.42.47) by mail1.iecc.com with QMQP; 25 Mar 2008 16:07:57 -0000 Date: 25 Mar 2008 16:07:57 -0000 Message-ID: <20080325160757.22934.qmail@simone.iecc.com> From: John Levine To: asrg@ietf.org In-Reply-To: <47E91E9B.3040707@tana.it> Organization: Cc: asrg@ietf.org X-Headerized: yes Mime-Version: 1.0 Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean >As a newbie, I post my opinion in the hope that it can be a useful feedback. Thanks for taking a look. > >| a private DNSBL is used solely by an >| organization for its own use and the data is not made available >| publicly. > >I would drop "solely". Even if the data cannot be looked up, there may be >forwarding agreements. For example, Hotmail allows postmasters to subscribe >in order to be informed about spam reports related to their IP addresses. That's not a DNSBL, that's a feedback loop (FBL). They're not related. > I would mention there that the document also provides guidance for >DNSBLs users, in view of the section that follows. I'll defer to Chris, but I don't think that's the intention at all. This is about how to run a DNSBL, not about how a user at some ISP interacts with the people at his ISP who manage the mail. >* If at all possible, system admins should allow their customers to configure > which DNSBLs they want to disable for their mail, if any. In my experience, although admins are hardly infallible, users tend to make much worse decisions. I cannot tell you how many inane arguments I've had from users saying "you need to whitelist this IP" when whatever the problem was had nothing to do with IP blacklisting. >* System admins should make sure they don't lock out their own > customers. (This sounds obvious, but since the corresponding > recommendation is made for DNSBL admins...) Not a bad thing to mention. Eircom, the large Irish ISP, has exactly this problem, a mail system that roaming users can't use due to their sloppy use of DNSBLs. >| 2.2.2. A Direct Non-Public Way to Request Removal SHOULD Be Available > >Some DNSBLs mention that removal requests should come from the person in >charge. Who is that? IMHO, the person in charge for an IP address is the >one mentioned in the corresponding whois record at the relevant RIR. It may >be worth establishing (confirming or denying) that point. That is much more true in some cases than others. In ARIN territory, it's fairly rare for space to be SWIPed down to the individual network customer. >| 2.2.3. Removals SHOULD Be Prompt >| >| Requests for removal SHOULD be honored without question. [...] > >That section apparently assumes more about a DNSBL's policy than the rest of >the BCP. For example, a previous section considers listings associated with >geographic information. Aren't there valid exceptions for automatic delisting? Good point, worth a little clarification. >| 2.2.4. SHOULD Have Similar Criteria for Listing and Delisting > >"Criteria for Listing and Delisting SHOULD be symmetrical." Sounds better? But it's not right. In particular, DNSBLs that list due to observed behavior, e.g. hitting spamtraps, usually stop paying attention to delist requests for IPs that keep relisting themselves. >| 3.4. Shutdowns MUST Be Done in a Graceful Fashion > >Since it has been mentioned that commercial DNSBLs exist, it may make sense >to recommend that they use adequate renewal methods. (For example, Trend Micro >is still missing a credit card based self-renewal web page.) Way out of scope here. If your Trend subscription expires, that's not the same thing as the list being shut down. R's, John _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 10:27:05 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207068532.4762@pcTmDcCuGLyv2HlyRS9zhw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 10:27:05 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PGmkEk012390 for ; Tue, 25 Mar 2008 12:48:51 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C627328C399; Tue, 25 Mar 2008 09:50:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xb1HN+aU7Z75; Tue, 25 Mar 2008 09:50:34 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2255528C0EC; Tue, 25 Mar 2008 09:50:34 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E5A9D28C0DB for ; Tue, 25 Mar 2008 09:50:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t0+e3keGvI5A for ; Tue, 25 Mar 2008 09:50:26 -0700 (PDT) Received: from zcars04e.nortel.com (zcars04e.nortel.com [47.129.242.56]) by core3.amsl.com (Postfix) with ESMTP id 5AE4D28C399 for ; Tue, 25 Mar 2008 09:50:20 -0700 (PDT) Received: from zcarhxs1.corp.nortel.com (zcarhxs1.corp.nortel.com [47.129.230.89]) by zcars04e.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id m2PGlUH06774 for ; Tue, 25 Mar 2008 16:47:30 GMT Received: from [47.129.150.176] ([47.129.150.176] RDNS failed) by zcarhxs1.corp.nortel.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 25 Mar 2008 12:47:58 -0400 Message-ID: <47E92CBD.50500@nortel.com> Date: Tue, 25 Mar 2008 12:47:57 -0400 From: "Chris Lewis" User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Anti-Spam Research Group - IRTF References: <20080325160757.22934.qmail@simone.iecc.com> In-Reply-To: <20080325160757.22934.qmail@simone.iecc.com> X-OriginalArrivalTime: 25 Mar 2008 16:47:58.0074 (UTC) FILETIME=[FAE77DA0:01C88E97] Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean John Levine wrote: >> As a newbie, I post my opinion in the hope that it can be a useful feedback. > > Thanks for taking a look. > >> | a private DNSBL is used solely by an >> | organization for its own use and the data is not made available >> | publicly. >> >> I would drop "solely". Even if the data cannot be looked up, there may be >> forwarding agreements. For example, Hotmail allows postmasters to subscribe >> in order to be informed about spam reports related to their IP addresses. > > That's not a DNSBL, that's a feedback loop (FBL). They're not related. Still, dropping "solely" isn't a bad idea. I keep thinking "fish, yum" ;-) >> I would mention there that the document also provides guidance for >> DNSBLs users, in view of the section that follows. > > I'll defer to Chris, but I don't think that's the intention at all. > This is about how to run a DNSBL, not about how a user at some ISP > interacts with the people at his ISP who manage the mail. The target is DNSBL operators and DNSBL users - DNSBL users are typically mail server admins - or at least, that's how we're intending it. If it's not clear, we can fix that. I consider end-users twiddling their own DNSBLs to be out of scope. Does this need to be clarified? >> * If at all possible, system admins should allow their customers to configure >> which DNSBLs they want to disable for their mail, if any. > > In my experience, although admins are hardly infallible, users tend to > make much worse decisions. I cannot tell you how many inane arguments > I've had from users saying "you need to whitelist this IP" when > whatever the problem was had nothing to do with IP blacklisting. That is site policy. Out of scope. As for reacting to rejections - I pondered adding a fairly general section on "filtering BCP" (eg: reject not bounce etc), which could include how an end user reacts to a rejection message, but that's a whole new can of worms, and I'd just like to get _this_ BCP done and out of the way before attempting something like that. Now that I finally know how to do RFC formatting myself, perhaps I'll do more of these things... ;-) >> * System admins should make sure they don't lock out their own >> customers. (This sounds obvious, but since the corresponding >> recommendation is made for DNSBL admins...) > Not a bad thing to mention. Eircom, the large Irish ISP, has exactly > this problem, a mail system that roaming users can't use due to their > sloppy use of DNSBLs. Yup. Should put in something specifically about "READ the terms and conditions and suitability for a given purpose. Eg: don't block your own users with a PBL". >> | 2.2.2. A Direct Non-Public Way to Request Removal SHOULD Be Available >> >> Some DNSBLs mention that removal requests should come from the person in >> charge. Who is that? IMHO, the person in charge for an IP address is the >> one mentioned in the corresponding whois record at the relevant RIR. It may >> be worth establishing (confirming or denying) that point. > That is much more true in some cases than others. In ARIN territory, > it's fairly rare for space to be SWIPed down to the individual network > customer. I think it better to leave that up to the DNSBL instructions page. It certainly isn't advisable in general to hit postmaster@DNSBL etc. They may be completely different entities not related to each other. Might be worth saying "read the contact instructions dammit!" ;-) >> | 2.2.3. Removals SHOULD Be Prompt >> | >> | Requests for removal SHOULD be honored without question. [...] >> >> That section apparently assumes more about a DNSBL's policy than the rest of >> the BCP. For example, a previous section considers listings associated with >> geographic information. Aren't there valid exceptions for automatic delisting? > > Good point, worth a little clarification. Will take that under advisement ;-) >> | 2.2.4. SHOULD Have Similar Criteria for Listing and Delisting >> "Criteria for Listing and Delisting SHOULD be symmetrical." Sounds better? > But it's not right. In particular, DNSBLs that list due to observed > behavior, e.g. hitting spamtraps, usually stop paying attention to > delist requests for IPs that keep relisting themselves. We're trying to avoid pure symmetry to give some room for DNSBLs to offer additional instructions not entirely symmetrical with the given listing, but at the same time, try to heavily discourage the extremes (DNSBLs acting like a protection racket). >> | 3.4. Shutdowns MUST Be Done in a Graceful Fashion >> >> Since it has been mentioned that commercial DNSBLs exist, it may make sense >> to recommend that they use adequate renewal methods. (For example, Trend Micro >> is still missing a credit card based self-renewal web page.) > > Way out of scope here. If your Trend subscription expires, that's not the > same thing as the list being shut down. Agreed. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 11:27:03 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.9 required=4.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207071524.51523@Iz4cDjEO7hp1uYEIu5dNNw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 11:27:03 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PHcbC3022065 for ; Tue, 25 Mar 2008 13:38:43 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E2A4C3A6F28; Tue, 25 Mar 2008 10:40:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gK-Lt3xy8fmf; Tue, 25 Mar 2008 10:40:27 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CB1393A6DFD; Tue, 25 Mar 2008 10:40:27 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 74CD73A6DB7 for ; Tue, 25 Mar 2008 10:40:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f2tepeQVYztx for ; Tue, 25 Mar 2008 10:40:25 -0700 (PDT) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.174]) by core3.amsl.com (Postfix) with ESMTP id 8E0A73A6D73 for ; Tue, 25 Mar 2008 10:40:25 -0700 (PDT) Received: by wf-out-1314.google.com with SMTP id 25so2859154wfa.31 for ; Tue, 25 Mar 2008 10:38:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=phsDNKSte+vtoHvgQUv1k68lhCfccK2vl/5fp8cDzdQ=; b=Ot6Wo/bxItn5oiNpa3rGz5JVkkfFC/WKWEOZRrRcby5/gOgRkz9zvuCcZNqAciw2iUwnEWcFmMq6W/zMedILw2c90EO8dpWUJNxW+LRpPjf+QGtgMZXYyz/2tnZn/JBT1AXTkVWt1waltNM+ZxITiUjARnT/jznkzlSFMCMgUh4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=o7OWd1UMtL2W/VXqnxuDIVQurfKNdYRZoF6kl7YbWX6HWMEdmWnU9CaCUP+VoznRAwYWoEga2iLAGTn0Z7wWW3/2fsJw2B0oAFaWnkLkULjulyPTbz9cWIpjcI1iDbu0Ebg1U6TUvt7vOKHKj8TBdDrkUW03dQfXyf4HycKBo/E= Received: by 10.142.142.16 with SMTP id p16mr4237729wfd.123.1206466682316; Tue, 25 Mar 2008 10:38:02 -0700 (PDT) Received: by 10.115.60.15 with HTTP; Tue, 25 Mar 2008 10:38:02 -0700 (PDT) Message-ID: <934f64a20803251038o395430e9l431c776246e97143@mail.gmail.com> Date: Tue, 25 Mar 2008 12:38:02 -0500 From: "David Nicol" To: "Anti-Spam Research Group - IRTF" In-Reply-To: <47E92CBD.50500@nortel.com> MIME-Version: 1.0 Content-Disposition: inline References: <20080325160757.22934.qmail@simone.iecc.com> <47E92CBD.50500@nortel.com> Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean On Tue, Mar 25, 2008 at 11:47 AM, Chris Lewis wrote: > The target is DNSBL operators and DNSBL users - DNSBL users are > typically mail server admins - or at least, that's how we're intending > it. If it's not clear, we can fix that. I consider end-users twiddling > their own DNSBLs to be out of scope. Does this need to be clarified? you never know who is going to suddenly become a mail server admin. I would think a good imaginary reader for this document would be a literature professor who had a volunteer geek set up a mailing list system on their home computer which has a dynamic IP and through the magic of dyndns.org, the whole system works just fine for several years until one day, after an ice storm, Dr. Nadagik's box loses the DHCP lottery and is inconvenienced by drawing a nomber formerly occupied by a neighbor with poor download hygiene and a tendency to have his decrepit equipment compromised by operators of global anonymous botnets. Dr. Nadagik's IT staff is long gone, and she decides to figure out what is going on, as several of the presitigious members of her mailnig list are no longer getting their messages even though they are still subscribed, and the list server logs, which she has never actually had occasion to read before now -- have some new text in them mentioning a numbered RFC, whatever that is. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 11:27:03 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.8 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207074378.3854@vqGEdHpthLu2G1ahwKqjgQ X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 11:27:03 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PIQ6IA029281 for ; Tue, 25 Mar 2008 14:26:15 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6321E28C0EC; Tue, 25 Mar 2008 11:27:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtERh7xwDueO; Tue, 25 Mar 2008 11:27:57 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4F7CE3A6C48; Tue, 25 Mar 2008 11:27:57 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B26FA3A6B6D for ; Tue, 25 Mar 2008 11:27:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2OWCf6Qc83Ez for ; Tue, 25 Mar 2008 11:27:55 -0700 (PDT) Received: from webmail.returnpath.net (webmail.returnpath.net [67.154.224.203]) by core3.amsl.com (Postfix) with ESMTP id C25283A6A81 for ; Tue, 25 Mar 2008 11:27:54 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 25 Mar 2008 14:24:40 -0400 Message-ID: <3B5E0B6321289441AAB5419A6F7B6B52914AC3@rpnyex01.rpcorp.local> In-Reply-To: <934f64a20803251038o395430e9l431c776246e97143@mail.gmail.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt Thread-Index: AciOnvSH1mYRLTgNRpC+kgRBcWm9ugABWxbQ References: <20080325160757.22934.qmail@simone.iecc.com><47E92CBD.50500@nortel.com> <934f64a20803251038o395430e9l431c776246e97143@mail.gmail.com> From: "J D Falk" To: "Anti-Spam Research Group - IRTF" Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean David Nicol wrote: > I would think a good imaginary reader for this document would be a > literature professor who had a volunteer geek set up a mailing list > system on their home computer which has a dynamic IP and through the > magic of dyndns.org, the whole system works just fine for several > years until one day, after an ice storm, Dr. Nadagik's box loses the > DHCP lottery and is inconvenienced by drawing a nomber formerly > occupied by a neighbor with poor download hygiene and a tendency to > have his decrepit equipment compromised by operators of global > anonymous botnets. Oh, woe betide the poor server whose DHCP, after failure, doth return askew! Hast thou so quickly dismissed thy geekly intern, and through forgetful folly neglect to request that full documentation be laid upon thy hand? And now, poor fool, finding much email rejected through past actions solely of thy neighbor, seek you enlightenment from this poor RFC? 'Tis but feeble illumination ye shall find here, alas, for 'tis solely through pedantry and endless argumentation were such as this writ. Another intern, methinks, must thou now seek -- and unto that fresh and welcoming mind deliver such best practices as to make dizziness ensue. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 12:27:02 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.7 required=4.0 tests=AWL,BAYES_00, RCVD_IN_BSP_OTHER,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207074922.9638@rIMDFLPJBqI2tIgab6xXpQ X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 12:27:02 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PIZHsM030135 for ; Tue, 25 Mar 2008 14:35:22 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 262FE28C408; Tue, 25 Mar 2008 11:37:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 258jIRT-GTYj; Tue, 25 Mar 2008 11:37:23 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2952728C2C5; Tue, 25 Mar 2008 11:37:23 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F04AD3A6ED4 for ; Tue, 25 Mar 2008 11:37:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tw28ag6Cj7DQ for ; Tue, 25 Mar 2008 11:37:21 -0700 (PDT) Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by core3.amsl.com (Postfix) with ESMTP id E8D3B3A6901 for ; Tue, 25 Mar 2008 11:37:20 -0700 (PDT) Received: (qmail 69163 invoked from network); 25 Mar 2008 18:35:00 -0000 Received: from simone.iecc.com (208.31.42.47) by mail1.iecc.com with QMQP; 25 Mar 2008 18:35:00 -0000 Date: 25 Mar 2008 18:35:00 -0000 Message-ID: <20080325183500.57862.qmail@simone.iecc.com> From: John Levine To: asrg@ietf.org In-Reply-To: <3B5E0B6321289441AAB5419A6F7B6B52914AC3@rpnyex01.rpcorp.local> Organization: Cc: asrg@ietf.org X-Headerized: yes Mime-Version: 1.0 Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean >Oh, woe betide the poor server whose DHCP, after failure, doth return >askew! Hast thou so quickly dismissed thy geekly intern, and through >forgetful folly neglect to request that full documentation be laid upon >thy hand? And now, poor fool, finding much email rejected through past >actions solely of thy neighbor, seek you enlightenment from this poor >RFC? 'Tis but feeble illumination ye shall find here, alas, for 'tis >solely through pedantry and endless argumentation were such as this >writ. Another intern, methinks, must thou now seek -- and unto that >fresh and welcoming mind deliver such best practices as to make >dizziness ensue. You understand, of course, that this means that now we're going to ask you to rewrite the whole BCP. R's, John _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 12:27:03 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207075014.05731@iimLwGmQT8wBwNvaMxU0FA X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 12:27:03 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PIal0Y030309 for ; Tue, 25 Mar 2008 14:36:52 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AEF5B28C4AB; Tue, 25 Mar 2008 11:39:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CRORzFHb-L-T; Tue, 25 Mar 2008 11:38:59 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2CDB628C3C1; Tue, 25 Mar 2008 11:38:59 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B9EB23A6785 for ; Tue, 25 Mar 2008 11:38:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Df-XsyIAygzx for ; Tue, 25 Mar 2008 11:38:54 -0700 (PDT) Received: from harry.mail-abuse.org (harry.mail-abuse.org [168.61.5.27]) by core3.amsl.com (Postfix) with ESMTP id C504C3A69B3 for ; Tue, 25 Mar 2008 11:38:54 -0700 (PDT) Received: from [IPv6:::1] (gateway1.sjc.mail-abuse.org [168.61.5.81]) by harry.mail-abuse.org (Postfix) with ESMTP id D7B70A94451 for ; Tue, 25 Mar 2008 18:36:35 +0000 (UTC) Message-Id: <463604DB-4522-4A8E-B0BF-D3DC503D23BA@mail-abuse.org> From: Douglas Otis To: Anti-Spam Research Group - IRTF In-Reply-To: <47E92CBD.50500@nortel.com> Mime-Version: 1.0 (Apple Message framework v919.2) Date: Tue, 25 Mar 2008 11:36:34 -0700 References: <20080325160757.22934.qmail@simone.iecc.com> <47E92CBD.50500@nortel.com> X-Mailer: Apple Mail (2.919.2) Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean On Mar 25, 2008, at 9:47 AM, Chris Lewis wrote: > John Levine wrote: >>> As a newbie, I post my opinion in the hope that it can be a useful >>> feedback. >> >> Thanks for taking a look. >> >>> | a private DNSBL is used solely by an >>> | organization for its own use and the data is not made available >>> | publicly. >>> >>> I would drop "solely". Even if the data cannot be looked up, there >>> may be >>> forwarding agreements. For example, Hotmail allows postmasters to >>> subscribe >>> in order to be informed about spam reports related to their IP >>> addresses. >> >> That's not a DNSBL, that's a feedback loop (FBL). They're not >> related. > > Still, dropping "solely" isn't a bad idea. I keep thinking "fish, > yum" ;-) > >>> I would mention there that the document also provides guidance for >>> DNSBLs users, in view of the section that follows. >> >> I'll defer to Chris, but I don't think that's the intention at all. >> This is about how to run a DNSBL, not about how a user at some ISP >> interacts with the people at his ISP who manage the mail. > > The target is DNSBL operators and DNSBL users - DNSBL users are > typically mail server admins - or at least, that's how we're intending > it. If it's not clear, we can fix that. I consider end-users > twiddling > their own DNSBLs to be out of scope. Does this need to be clarified? > >>> * If at all possible, system admins should allow their customers >>> to configure >>> which DNSBLs they want to disable for their mail, if any. >> >> In my experience, although admins are hardly infallible, users tend >> to >> make much worse decisions. I cannot tell you how many inane >> arguments >> I've had from users saying "you need to whitelist this IP" when >> whatever the problem was had nothing to do with IP blacklisting. > > That is site policy. Out of scope. > > As for reacting to rejections - I pondered adding a fairly general > section on "filtering BCP" (eg: reject not bounce etc), which could > include how an end user reacts to a rejection message, but that's a > whole new can of worms, and I'd just like to get _this_ BCP done and > out > of the way before attempting something like that. > > Now that I finally know how to do RFC formatting myself, perhaps > I'll do > more of these things... ;-) > >>> * System admins should make sure they don't lock out their own >>> customers. (This sounds obvious, but since the corresponding >>> recommendation is made for DNSBL admins...) > >> Not a bad thing to mention. Eircom, the large Irish ISP, has exactly >> this problem, a mail system that roaming users can't use due to their >> sloppy use of DNSBLs. > > Yup. Should put in something specifically about "READ the terms and > conditions and suitability for a given purpose. Eg: don't block your > own users with a PBL". > >>> | 2.2.2. A Direct Non-Public Way to Request Removal SHOULD Be >>> Available >>> >>> Some DNSBLs mention that removal requests should come from the >>> person in >>> charge. Who is that? IMHO, the person in charge for an IP address >>> is the >>> one mentioned in the corresponding whois record at the relevant >>> RIR. It may >>> be worth establishing (confirming or denying) that point. > >> That is much more true in some cases than others. In ARIN territory, >> it's fairly rare for space to be SWIPed down to the individual >> network >> customer. > > I think it better to leave that up to the DNSBL instructions page. > > It certainly isn't advisable in general to hit postmaster@DNSBL etc. > They may be completely different entities not related to each other. > Might be worth saying "read the contact instructions dammit!" ;-) > >>> | 2.2.3. Removals SHOULD Be Prompt >>> | >>> | Requests for removal SHOULD be honored without question. [...] >>> >>> That section apparently assumes more about a DNSBL's policy than >>> the rest of >>> the BCP. For example, a previous section considers listings >>> associated with >>> geographic information. Aren't there valid exceptions for >>> automatic delisting? >> >> Good point, worth a little clarification. > > Will take that under advisement ;-) > >>> | 2.2.4. SHOULD Have Similar Criteria for Listing and Delisting > >>> "Criteria for Listing and Delisting SHOULD be symmetrical." Sounds >>> better? > >> But it's not right. In particular, DNSBLs that list due to observed >> behavior, e.g. hitting spamtraps, usually stop paying attention to >> delist requests for IPs that keep relisting themselves. > > We're trying to avoid pure symmetry to give some room for DNSBLs to > offer additional instructions not entirely symmetrical with the > given listing, but at the same time, try to heavily discourage the > extremes (DNSBLs acting like a protection racket). Some BL policies do not adhere to the dubious philosophy expressed in section 2.2.1 and 2.2.3. 2.2.1. Listings SHOULD Be Temporary 2.2.3. Removals SHOULD Be Prompt Automatic de-listing can be highly counter productive in controlling IP address ranges previously producing substantial levels of abuse. Requiring owners of an address range to request de-listing establishes points of contact to better deal with likely events of future abuse. Automatic de-listing, from that standpoint, is less effective at curbing abuse. Automatic de-listing also enables a range of IP addresses to operate individually over a detection and listing process, which may involve substantial review and owner notification. The possible use of owner notification is fully lacking from draft, as well as provider indemnification, which represents a different and perhaps more responsible means for dealing with abuse. Automated detection and listing although conceptually attractive, is limited and often is gamed by abusers. Sections 2.2.1 and 2.2.3 should be removed or changed to represent only one possible mode of operation. Six months is not a "sensible maximum". This period depends upon how the BL is administered and their internal policies. >>> | 3.4. Shutdowns MUST Be Done in a Graceful Fashion >>> >>> Since it has been mentioned that commercial DNSBLs exist, it may >>> make sense >>> to recommend that they use adequate renewal methods. (For example, >>> Trend Micro >>> is still missing a credit card based self-renewal web page.) >> >> Way out of scope here. If your Trend subscription expires, that's >> not the >> same thing as the list being shut down. > > Agreed. The Trend process requires a P.O. and a contract for valid reasons not covered by this draft. : ( -Doug _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 13:27:03 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-3.3 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207078153.23585@lD7irGfyz8SOy9XHj7rlaw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 13:27:03 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PJT4sb004761 for ; Tue, 25 Mar 2008 15:29:13 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B49303A6EF0; Tue, 25 Mar 2008 12:31:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3K3LwMLvnTOD; Tue, 25 Mar 2008 12:31:03 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D0DFB3A6AA4; Tue, 25 Mar 2008 12:31:02 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 25B133A6A45 for ; Tue, 25 Mar 2008 12:31:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y2vpj1Wcvfq9 for ; Tue, 25 Mar 2008 12:31:01 -0700 (PDT) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187]) by core3.amsl.com (Postfix) with ESMTP id E91D43A6865 for ; Tue, 25 Mar 2008 12:31:00 -0700 (PDT) Received: by nf-out-0910.google.com with SMTP id c10so1398691nfd.39 for ; Tue, 25 Mar 2008 12:28:28 -0700 (PDT) Received: by 10.78.81.20 with SMTP id e20mr26820545hub.1.1206473308059; Tue, 25 Mar 2008 12:28:28 -0700 (PDT) Received: by 10.78.50.2 with HTTP; Tue, 25 Mar 2008 12:28:27 -0700 (PDT) Message-ID: <7d6a0cac0803251228s43291ecbv404b8313739a7f8e@mail.gmail.com> Date: Tue, 25 Mar 2008 15:28:27 -0400 From: "Al Iverson" To: "Anti-Spam Research Group - IRTF" In-Reply-To: <463604DB-4522-4A8E-B0BF-D3DC503D23BA@mail-abuse.org> MIME-Version: 1.0 Content-Disposition: inline References: <20080325160757.22934.qmail@simone.iecc.com> <47E92CBD.50500@nortel.com> <463604DB-4522-4A8E-B0BF-D3DC503D23BA@mail-abuse.org> Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean On Tue, Mar 25, 2008 at 2:36 PM, Douglas Otis wrote: > Some BL policies do not adhere to the dubious philosophy expressed in > section 2.2.1 and 2.2.3. Could you elaborate upon the relevancy of that fact? I'm not seeing why it matters. > 2.2.1. Listings SHOULD Be Temporary > > 2.2.3. Removals SHOULD Be Prompt > > Automatic de-listing can be highly counter productive in controlling > IP address ranges previously producing substantial levels of abuse. > Requiring owners of an address range to request de-listing establishes > points of contact to better deal with likely events of future abuse. I think these should stand as is. I think they cover "it's not suitable to remove your IP address at this time" eventualities just fine. Regards, Al Iverson -- Al Iverson on Spam and Deliverability, see http://www.spamresource.com News, stats, info, and commentary on blacklists: http://www.dnsbl.com My personal website: http://www.aliverson.com -- Chicago, IL, USA Remove "lists" from my email address to reach me faster and directly. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 13:27:03 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.8 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207078765.47375@/JCDq6bk/TyKFFKsSZtZGw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 13:27:03 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PJdJfA005809 for ; Tue, 25 Mar 2008 15:39:24 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2CC313A6F25; Tue, 25 Mar 2008 12:41:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IUcVACEqvQcO; Tue, 25 Mar 2008 12:41:12 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7FD6828C3F6; Tue, 25 Mar 2008 12:41:03 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9F64828C3F6 for ; Tue, 25 Mar 2008 12:41:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WLtger-B+zF1 for ; Tue, 25 Mar 2008 12:41:00 -0700 (PDT) Received: from webmail.returnpath.net (webmail.returnpath.net [67.154.224.203]) by core3.amsl.com (Postfix) with ESMTP id 0AEA83A6CF6 for ; Tue, 25 Mar 2008 12:39:57 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 25 Mar 2008 15:36:43 -0400 Message-ID: <3B5E0B6321289441AAB5419A6F7B6B52914AD3@rpnyex01.rpcorp.local> In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt Thread-Index: AciN1+hZgNUU3mPfSkWjQ7o34UTzeQAzloog References: From: "J D Falk" To: "Anti-Spam Research Group - IRTF" Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean More seriously.... Should this document explain some of the differences between a manually updated list and an automated/reputation-based list? Suggested updates/changes to existing text are in square brackets: Abstract The rise of spam and other anti-social behavior on the Internet has led to the creation of shared blacklists and whitelists of IP addresses or domains. This memo discusses guidelines for management of public DNS blacklists (DNSBLs) [by the operators of such blacklists, and may provide useful background for server administrators who use DNSBLs. It is not intended to advise on the utility or effiacy of particular DNSBLs or the DNSBL concept in general, nor to assist end users with questions about spam.] [ . . . ] 1. Introduction 1.1. DNS-Based Reputation Systems Due to the rising amount of spam and other forms of network abuse on the Internet, many community members and companies began to create and maintain DNS-based reputation systems ("DNSBL") of IP addresses and domains identified as problem sources of email. These lists also have been known as blocklists[, or] blacklists. These lists are [generally] used for filtering email. [ ] DNSBLs [may be] either public or private. A public DNSBL makes its data available to any party seeking information about data on the list, [while] a private DNSBL is used solely by an organization for its own use and the data is not made available publicly. There are also commercial DNSBLs[, available for a fee. Furthermore, some are free yet require a fee for higher numbers of queries.] The first publicly available DNSBL using the Domain Name System (DNS) for distributing reputation data about email senders emerged in 1997, shortly after spam became a problem for network operators and email administrators. This pioneer DNSBL focused on identifying known spam sources situated at static [(unchanging}] IP addresses. Due to the broad adoption of this DNSBL, it had a devastating impact on [these] static spam sources. Consequently, abusers found other methods for distributing their spam[, ] such as relaying messages through unsecured email servers or flawed formmail scripts on web pages. Additional DNSBLs were developed by others in order to address these changing tactics, and today more than 700 DNSBLs are in operation. [ . . . ] 2.1. Transparency [ . . . ] In other words, be direct and honest and clear about the listing criteria, and make certain that only entries meeting the published criteria are added to the list. For example, some DNSBL operators have been known to include ["]spite listings["] in the lists they administer[ -- listings of IP addresses or domain names associated with someone who has insulted them, rather than actually violating the published criteria for inclusion in the list]. There is nothing inherently wrong with this practice so long as it is clearly disclosed. For example, a DNSBL described as listing open relays only MUST NOT include IP addresses for any other reason. This transparency principle does not require DNSBL administrators to disclose the precise algorithms and data involved in a listing[, but rather the intent behind choosing those algorithms and data]. [ . . . ] 3.3. DNSBLs SHOULD Provide Operational Flags Most DNSBLs follow a convention of entries for IPs in 127.0.0.0/8 to provide online indication of whether the DNSBL is operational. [In other words, the result of a DNS lookup will be in the range of 127.0.0.1 through 127.0.0.255.] Many DNSBLs arrange to have a query of 127.0.0.2 return an A record indicating that the IP is listed, and a query of 127.0.0.1 return no A record (NXDOMAIN). When both of these indicators are present, this indicates that the DNSBL is functioning normally. See [DNSBL-EMAIL]. [Other results, such as 127.0.0.3, may have different meanings.] This [o]perational flag usage and meaning SHOULD be published on the DNSBL's web site. [Some mail systems are unable to differentiate between these various results or flags, however, so a public DNSBL MUST NOT include opposing or widely different meanings -- such as 127.0.0.23 for "sends good mail" and 127.0.0.99 for "sends bad mail" -- within the same DNS zone.] [ . . . ] _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 15:27:02 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=BAYES_00,NORMAL_HTTP_TO_IP, SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207085298.4068@rg6FJ2+R+qkbOyJYOrabJw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 15:27:02 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PLSAgg011849 for ; Tue, 25 Mar 2008 17:28:15 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3FE263A6CAC; Tue, 25 Mar 2008 14:29:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xIXu8KTIhVum; Tue, 25 Mar 2008 14:29:52 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2420E3A6C1C; Tue, 25 Mar 2008 14:29:51 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E67273A6B71 for ; Tue, 25 Mar 2008 14:29:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gnFrp42TERGX for ; Tue, 25 Mar 2008 14:29:46 -0700 (PDT) Received: from mail.leisi.net (trillian.net.astrum.ch [213.144.132.251]) by core3.amsl.com (Postfix) with ESMTP id D40233A68B1 for ; Tue, 25 Mar 2008 14:29:45 -0700 (PDT) Received: from verleihnix.local (marvin.net.astrum.ch [213.144.132.250]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.leisi.net (Postfix) with ESMTP id D74AE22792 for ; Tue, 25 Mar 2008 22:27:17 +0100 (CET) Message-ID: <47E96E35.5080804@leisi.net> Date: Tue, 25 Mar 2008 22:27:17 +0100 From: Matthias Leisi User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de; rv:1.8.1.9) Gecko/20071031 Thunderbird/2.0.0.9 Mnenhy/0.7.5.0 MIME-Version: 1.0 To: Anti-Spam Research Group - IRTF References: In-Reply-To: X-Enigmail-Version: 0.95.6 OpenPGP: id=7CA2FE89 Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A couple of remarks from the perspective of an operator of a DNS-based whitelist (dnswl.org), including some general remarks: * Large portions of this document apply equally to black- and whitelist. Therefore it may make sense to enlarge the scope to explictly cover whitelists as well. The general notion of "DNS-Based Reputation Systems" would profit even more if whitelists would be explicitly included. * 2.2.1 Listings SHOULD be temporary: IMO this section should be dropped - - it describes a certain policy which may or may not fit the purpose of a particular DNSBL. * 2.2.3 Removals SHOULD be prompt: Similar to the item above, automated removals may or may not be a good idea. Considering an Spamhaus-SBL-type list, this SHOULD for automated removals does not make much sense. * 3.1 DNSBL Query Root Domain SHOULD be a subdomain: It should be defined how best to differentiate multiple (possibly related) DNSBLs under a common domain ("purposeA.dnsbl.example.com" and "purposeB.dnsbl.example.com" vs. "dnsblA.example.com" and "dnsblB.example.com"). * 3.2 DNSBLs SHOULD be Adequately Provisioned: For public use, that should rather be a MUST. "Redundancy" should further be clarified (number, net-topological location and vendor/versions of software). * Addition to 3.2 and redundancy: nameservers should provide appropriate glue records, possibly in different TLDs to protect against single-TLD issues. * 3.4 Shutdown: Add an item 5 warning against directing nameserver lookups at some third-party unrelated to the DNSBL operation (eg an ISPs nameserver), and noting that such behaviour is similar to inflicting a dDoS). * 3.5 Listing of special...: "MAY list loopback" vs. "MUST NOT list 127.0.0.1" - does this make sense? * Proposal: 3.8 Protect against misconfiguration by users: Common types of misconfigurations include - - Using wrong (sub-) zones for querying (4.3.2.1.example.com instead of 4.3.2.1.dnsbl.example.com) - - Downloading a local mirror of the data, but failing to set up the local nameserver infrastructure appropriately, and thus keeping querying public nameservers - - Downloading a local mirror of the data, but misconfiguring the local nameserver infrastructure to query a locally invented zone name (4.3.2.1.dnsbl.local) at the public nameservers. - - Misconfigured local nameservers to not do meaningful caching, thus heavily increasing load on public nameservers. To protect against such misconfiguration, DNSBL operators SHOULD make efforts to contact administrative contacts to remedy the situation, but SHOULD also prepare to take appropriate steps to protect the operative infrastructure (ie, to block abusive users from causing further damage). - -- Matthias -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFH6W41xbHw2nyi/okRAiBMAJ4vI+s+Mn6TrPssOhIB02BOgdZ+ywCeP3q/ r6ctnRgoqQ+Wp3w17OQXgkg= =XuL7 -----END PGP SIGNATURE----- _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 15:27:02 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.8 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207085764.20102@FfjgKOyHIqFGf5It1AJ9YQ X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 15:27:02 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PLZvXw012586 for ; Tue, 25 Mar 2008 17:36:02 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E30F928C32C; Tue, 25 Mar 2008 14:38:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhlqH17qB-Nr; Tue, 25 Mar 2008 14:38:14 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1958C3A6B40; Tue, 25 Mar 2008 14:38:14 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 71C0D3A68D0 for ; Tue, 25 Mar 2008 14:38:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y7Gx7ih0cjLq for ; Tue, 25 Mar 2008 14:38:12 -0700 (PDT) Received: from webmail.returnpath.net (webmail.returnpath.net [67.154.224.203]) by core3.amsl.com (Postfix) with ESMTP id 8F4113A6A5E for ; Tue, 25 Mar 2008 14:38:12 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 25 Mar 2008 17:34:58 -0400 Message-ID: <3B5E0B6321289441AAB5419A6F7B6B52C5F112@rpnyex01.rpcorp.local> In-Reply-To: <47E96E35.5080804@leisi.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt Thread-Index: AciOvvx4Zy/RZIQ2Tu+exJaDCZ1l1AAAGC+w References: <47E96E35.5080804@leisi.net> From: "J D Falk" To: "Anti-Spam Research Group - IRTF" Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean Matthias Leisi wrote: > * Large portions of this document apply equally to black- and whitelist. > Therefore it may make sense to enlarge the scope to explictly cover > whitelists as well. The general notion of "DNS-Based Reputation Systems" > would profit even more if whitelists would be explicitly included. Call it "DNS-Based Binary Reputation Systems," and I'd agree. The full range of reputation systems in use today is much too broad to fit into DNS, or into this document. > * 2.2.1 Listings SHOULD be temporary: IMO this section should be dropped > - - it describes a certain policy which may or may not fit the purpose > of a particular DNSBL. It fits most DNSBLs, though, as a best practice. > * 2.2.3 Removals SHOULD be prompt: Similar to the item above, > automated removals may or may not be a good idea. Considering an > Spamhaus-SBL-type list, this SHOULD for automated removals does not > make much sense. Most DNSBLs aren't the Spamhaus SBL. This is a best practice for just about everything else. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 15:27:03 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207086440.64037@3+9DU9S9gkhJZKJxtPePuA X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 15:27:03 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PLlFSk013977 for ; Tue, 25 Mar 2008 17:47:20 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 87D0228C591; Tue, 25 Mar 2008 14:46:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REqntkWPT+3w; Tue, 25 Mar 2008 14:46:06 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8BACD28C528; Tue, 25 Mar 2008 14:45:46 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4CF3228C13E for ; Tue, 25 Mar 2008 14:45:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8soIPq4ipW4K for ; Tue, 25 Mar 2008 14:45:44 -0700 (PDT) Received: from harry.mail-abuse.org (harry.mail-abuse.org [168.61.5.27]) by core3.amsl.com (Postfix) with ESMTP id C13F328C4A3 for ; Tue, 25 Mar 2008 14:44:59 -0700 (PDT) Received: from [IPv6:::1] (gateway1.sjc.mail-abuse.org [168.61.5.81]) by harry.mail-abuse.org (Postfix) with ESMTP id 5EE4CA946F8 for ; Tue, 25 Mar 2008 21:42:40 +0000 (UTC) Message-Id: <41448BFB-34A3-4C9A-8C87-4C148824D33A@mail-abuse.org> From: Douglas Otis To: Anti-Spam Research Group - IRTF In-Reply-To: <7d6a0cac0803251228s43291ecbv404b8313739a7f8e@mail.gmail.com> Mime-Version: 1.0 (Apple Message framework v919.2) Date: Tue, 25 Mar 2008 14:42:36 -0700 References: <20080325160757.22934.qmail@simone.iecc.com> <47E92CBD.50500@nortel.com> <463604DB-4522-4A8E-B0BF-D3DC503D23BA@mail-abuse.org> <7d6a0cac0803251228s43291ecbv404b8313739a7f8e@mail.gmail.com> X-Mailer: Apple Mail (2.919.2) Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean On Mar 25, 2008, at 12:28 PM, Al Iverson wrote: > On Tue, Mar 25, 2008 at 2:36 PM, Douglas Otis > wrote: > >> Some BL policies do not adhere to the dubious philosophy expressed >> in section 2.2.1 and 2.2.3. > > Could you elaborate upon the relevancy of that fact? I'm not seeing > why it matters. This was expanded upon in text you deleted by stating not all BLs depend upon full list automation. Some lists attempt to audit networks and provide notifications to afford opportunities to remedy issues. Establishing co-operative relationships often involves time. The time expended means such efforts can easily be gamed, especially when de-listing is automatic at set intervals or acted upon automatically from any request. Keep in mind, some organizations structure their BL services differently. Some offer BLs run in the manner suggested by the current version of the draft and others do not. Trend happens to do both. The difference between these two approaches is rather dramatic in respect to abating UCEs. Neither management style offers a perfect system. Each offer a level of service better suited to a range of individual needs. This draft wrongly assumes only one approach should be used, and that is simply wrong in many cases. Each of these approaches benefits the Internet overall, but no one should assume that one approach is always better than the other in every case. Justifying a listing and de-listing policy should consider all factors involved. This draft concludes de-listing interval of 180 days is sensible without a basis to support the claim. It is not enough to say this policy has been used by company X, Y or Z. Control on behaviour is the result of many differing policies. It would be wrong to conclude one approach is somehow better than another. They all play different roles and serve different needs. One size does not fit all. It is a myth the solution to spam is simply a matter solved through automation and standardized policies. It hard to explain just how wrong that perspective is. >> 2.2.1. Listings SHOULD Be Temporary >> >> 2.2.3. Removals SHOULD Be Prompt >> >> Automatic de-listing can be highly counter productive in >> controlling IP address ranges previously producing substantial >> levels of abuse. Requiring owners of an address range to request de- >> listing establishes points of contact to better deal with likely >> events of future abuse. > > I think these should stand as is. I think they cover "it's not > suitable to remove your IP address at this time" eventualities just > fine. It does not help the cause to have these "SHOULD" statements which, in the end, will likely prove highly counter productive. While automation helps, it is not a complete solution, nor will automation ever be. Automation can and is being gamed. -Doug _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 15:27:04 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.7 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207087178.88098@usKBrpfGXd5hpwgQmoUvfg X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 15:27:04 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PLxUK4015314 for ; Tue, 25 Mar 2008 17:59:35 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9379E28C466; Tue, 25 Mar 2008 15:00:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jfS81brBKu5F; Tue, 25 Mar 2008 15:00:08 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 899F528C3B0; Tue, 25 Mar 2008 14:59:45 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABC3428C526 for ; Tue, 25 Mar 2008 14:59:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zuMfT8RZOYF2 for ; Tue, 25 Mar 2008 14:59:36 -0700 (PDT) Received: from ns1.qubic.net (ns1.qubic.net [208.69.177.116]) by core3.amsl.com (Postfix) with ESMTP id AFAB928C5F9 for ; Tue, 25 Mar 2008 14:56:54 -0700 (PDT) Received: from subman.resistor.net ([10.0.0.1]) (authenticated bits=0) by ns1.qubic.net (8.14.3.Beta0/8.14.3.Beta0) with ESMTP id m2PLsM7D008522 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 25 Mar 2008 14:54:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1206482074; x=1206568474; bh=49Z8AQrRDjK8hf8VMWz2K8MkxrMNK5Cm7hfy jbVftww=; h=Message-Id:Date:To:From:Subject:In-Reply-To:References: Mime-Version:Content-Type:Cc; b=RAXgnvjgVaFarz/gytdo/jKkEAErf8vODW 82usfAArkvGH4BskdSn6b0RMZCGJaNoF2+fdn4xF1Q9s6o5S8krOv9fIQMaptwnVF0m toQglXQHPcc2iUkB+fBUrECOjualupTEW1Roa7SWKVSjNLfWee2JTv3EIaMg4xoS4bJ tuA= DomainKey-Signature: a=rsa-sha1; s=mail; d=resistor.net; c=simple; q=dns; b=mQg38WYmcOqFuwGVnFclirn+vMJQeI80hXtbZw0b3DqU5hDOcHb9n+ksxnNZ44Cn5 tpSSE//qyCQ9DYzI0bwYWKHvE+uRGj/5oSKcrFlmNTr0G3tpUd+7UoMqZP78DEAB3dg A1xDkSlzLYKbwl9smLiCsHPIex6WTH3lwwdr5Fc= Message-Id: <6.2.5.6.2.20080325144321.030e8e10@resistor.net> X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6 Date: Tue, 25 Mar 2008 14:53:26 -0700 To: Anti-Spam Research Group - IRTF From: SM In-Reply-To: <47E96E35.5080804@leisi.net> References: <47E96E35.5080804@leisi.net> Mime-Version: 1.0 Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean At 14:27 25-03-2008, Matthias Leisi wrote: >* 2.2.1 Listings SHOULD be temporary: IMO this section should be dropped >- - it describes a certain policy which may or may not fit the purpose of >a particular DNSBL. It is better that listings be temporary as IP addresses can be reassigned. There is nothing in that recommendation that prevents the operator from relisting the IP address. Such a recommendation prompts the operator to review the listings for correctness. >* 3.5 Listing of special...: "MAY list loopback" vs. "MUST NOT list >127.0.0.1" - does this make sense? Yes. Regards, -sm _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 15:27:04 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.7 required=4.0 tests=AWL,BAYES_00, RCVD_IN_BSP_OTHER,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207088130.41885@JVMVgHC69XISH6AAoDrYaA X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 15:27:04 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PMFOkm017686 for ; Tue, 25 Mar 2008 18:15:29 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 347D23A6BD5; Tue, 25 Mar 2008 15:17:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BHFLYFZ88vwo; Tue, 25 Mar 2008 15:17:35 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 374CA28C100; Tue, 25 Mar 2008 15:17:34 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B35543A6965 for ; Tue, 25 Mar 2008 15:17:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L-+jPAHLVGGx for ; Tue, 25 Mar 2008 15:17:29 -0700 (PDT) Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by core3.amsl.com (Postfix) with ESMTP id 2F0673A6AB2 for ; Tue, 25 Mar 2008 15:17:29 -0700 (PDT) Received: (qmail 32510 invoked from network); 25 Mar 2008 22:15:09 -0000 Received: from simone.iecc.com (208.31.42.47) by mail1.iecc.com with QMQP; 25 Mar 2008 22:15:09 -0000 Date: 25 Mar 2008 22:15:08 -0000 Message-ID: <20080325221508.11224.qmail@simone.iecc.com> From: John Levine To: asrg@ietf.org In-Reply-To: <47E96E35.5080804@leisi.net> Organization: Cc: asrg@ietf.org X-Headerized: yes Mime-Version: 1.0 Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean >* 2.2.1 Listings SHOULD be temporary: IMO this section should be dropped >- - it describes a certain policy which may or may not fit the purpose of >a particular DNSBL. Perhaps, listings based on the observed behavior of the IP should be temporary. If it's listed because it sends spam, it may well stop sending spam but if it's listed because it's DHCP space or because it's in Korea, it won't. >* 3.1 DNSBL Query Root Domain SHOULD be a subdomain: It should be >defined how best to differentiate multiple (possibly related) DNSBLs >under a common domain ("purposeA.dnsbl.example.com" and >"purposeB.dnsbl.example.com" vs. "dnsblA.example.com" and >"dnsblB.example.com"). That's in the other document that describes the mechanics. See the ASRG Wiki for a copy of it. >* 3.2 DNSBLs SHOULD be Adequately Provisioned: For public use, that >should rather be a MUST. "Redundancy" should further be clarified >(number, net-topological location and vendor/versions of software). This doesn't seem like the right place for a treatise on DNS ops. Adequate should be adequate. >* Addition to 3.2 and redundancy: nameservers should provide appropriate >glue records, possibly in different TLDs to protect against single-TLD >issues. Ops again. >* Proposal: 3.8 Protect against misconfiguration by users: Common types >of misconfigurations include way more boneheaded things than any of us can possible imagine. Don't see that this is a reasonable thing for people to ask, particularly if a DNSBL gets a lot of use. I can also report from experience that there are plenty of places that misuse a DNSBL and are completely impossible to contact or correct. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 16:27:02 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207089032.13827@g0OMblMxsIzovH1QIDoFiA X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 16:27:02 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PMUQ84020192 for ; Tue, 25 Mar 2008 18:30:31 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0FC5C28C435; Tue, 25 Mar 2008 15:32:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cgaq4YGu9K2p; Tue, 25 Mar 2008 15:32:32 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4332E28C3B6; Tue, 25 Mar 2008 15:32:32 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD16428C2A2 for ; Tue, 25 Mar 2008 15:32:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VwaU5TDOyOrq for ; Tue, 25 Mar 2008 15:32:30 -0700 (PDT) Received: from harry.mail-abuse.org (harry.mail-abuse.org [168.61.5.27]) by core3.amsl.com (Postfix) with ESMTP id 1285328C1AD for ; Tue, 25 Mar 2008 15:32:30 -0700 (PDT) Received: from [IPv6:::1] (gateway1.sjc.mail-abuse.org [168.61.5.81]) by harry.mail-abuse.org (Postfix) with ESMTP id 225A6A94797 for ; Tue, 25 Mar 2008 22:30:11 +0000 (UTC) Message-Id: From: Douglas Otis To: Anti-Spam Research Group - IRTF In-Reply-To: <6.2.5.6.2.20080325144321.030e8e10@resistor.net> Mime-Version: 1.0 (Apple Message framework v919.2) Date: Tue, 25 Mar 2008 15:30:10 -0700 References: <47E96E35.5080804@leisi.net> <6.2.5.6.2.20080325144321.030e8e10@resistor.net> X-Mailer: Apple Mail (2.919.2) Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean On Mar 25, 2008, at 2:53 PM, SM wrote: > At 14:27 25-03-2008, Matthias Leisi wrote: >> * 2.2.1 Listings SHOULD be temporary: IMO this section should be >> dropped - - it describes a certain policy which may or may not fit >> the purpose of a particular DNSBL. > > It is better that listings be temporary as IP addresses can be > reassigned. There is nothing in that recommendation that prevents > the operator from relisting the IP address. Such a recommendation > prompts the operator to review the listings for correctness. This ignores whether ownership of the address space changed. In some cases, IP addresses can not be handled effectively on an individual basis when network stewardship proves ineffective. This issue is evolving along with introduction of IPv6. Let the games been? >> * 3.5 Listing of special...: "MAY list loopback" vs. "MUST NOT list >> 127.0.0.1" - does this make sense? > > Yes. Agreed. There also remains a small percentage of subscribers that query address octets in the wrong order. Such problems may require specialized services to ensure proper subscriber configuration or just greater dependence on Darwin. : ) -Doug _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Tue Mar 25 16:27:03 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207089817.18514@Kv8G57jVXxeIv0kLVFY3BQ X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Tue, 25 Mar 2008 16:27:03 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2PMhUas021765 for ; Tue, 25 Mar 2008 18:43:35 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 486C528C50D; Tue, 25 Mar 2008 15:45:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yYN5BqzFlRJx; Tue, 25 Mar 2008 15:45:29 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5016328C1A1; Tue, 25 Mar 2008 15:45:29 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D85CF3A68CB for ; Tue, 25 Mar 2008 15:45:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CiGtT77GTajN for ; Tue, 25 Mar 2008 15:45:25 -0700 (PDT) Received: from zeno.hjp.at (zeno.hjp.at [81.223.91.228]) by core3.amsl.com (Postfix) with ESMTP id B705828C10F for ; Tue, 25 Mar 2008 15:44:53 -0700 (PDT) Received: by zeno.hjp.at (Postfix, from userid 1000) id 5296D4006; Tue, 25 Mar 2008 23:42:33 +0100 (CET) Date: Tue, 25 Mar 2008 23:42:33 +0100 From: "Peter J. Holzer" To: asrg@ietf.org Message-ID: <20080325224233.GB11998@hjp.at> Mail-Followup-To: asrg@ietf.org References: <47E96E35.5080804@leisi.net> <20080325221508.11224.qmail@simone.iecc.com> MIME-Version: 1.0 In-Reply-To: <20080325221508.11224.qmail@simone.iecc.com> User-Agent: Mutt/1.5.13 (2006-08-11) Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0713149594==" Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean --===============0713149594== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="CdrF4e02JqNVZeln" Content-Disposition: inline --CdrF4e02JqNVZeln Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2008-03-25 22:15:08 -0000, John Levine wrote: > >* 2.2.1 Listings SHOULD be temporary: IMO this section should be dropped > >- - it describes a certain policy which may or may not fit the purpose of > >a particular DNSBL. >=20 > Perhaps, listings based on the observed behavior of the IP should be > temporary. If it's listed because it sends spam, it may well stop > sending spam but if it's listed because it's DHCP space or because > it's in Korea, it won't. Even that can change. I've seen netblocks move from one European country to another (within the same provider), and I guess it isn't unusual for a provider to change an netblock from fixed addresses to dynamic or vice versa. hp --=20 _ | Peter J. Holzer | It took a genius to create [TeX], |_|_) | Sysadmin WSR | and it takes a genius to maintain it. | | | hjp@hjp.at | That's not engineering, that's art. __/ | http://www.hjp.at/ | -- David Kastrup in comp.text.tex --CdrF4e02JqNVZeln Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH6X/ZfZ+RkG8quy0RAiesAJ9YHst51QhhAAvW3ihAaUvcuCjp+QCgqokZ /J+TaB/wCo3PKAMFzCppsag= =Rwir -----END PGP SIGNATURE----- --CdrF4e02JqNVZeln-- --===============0713149594== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg --===============0713149594==-- From asrg-bounces@ietf.org Wed Mar 26 07:27:02 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.5 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207143236.68062@cgpFB14LxJJLGV1Kt+BFfQ X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Wed, 26 Mar 2008 07:27:02 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2QDXmoa032245 for ; Wed, 26 Mar 2008 09:33:54 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DB16728C557; Wed, 26 Mar 2008 06:35:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xxCnfYmMwi9z; Wed, 26 Mar 2008 06:35:47 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C0EB928C4F9; Wed, 26 Mar 2008 06:35:47 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0E4B73A6D8D for ; Wed, 26 Mar 2008 06:35:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ThXjFpBIkwE0 for ; Wed, 26 Mar 2008 06:35:43 -0700 (PDT) Received: from zrtps0kn.nortel.com (zrtps0kn.nortel.com [47.140.192.55]) by core3.amsl.com (Postfix) with ESMTP id 143D228C557 for ; Wed, 26 Mar 2008 06:35:43 -0700 (PDT) Received: from zcarhxs1.corp.nortel.com (zcarhxs1.corp.nortel.com [47.129.230.89]) by zrtps0kn.nortel.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id m2QDXKX29921 for ; Wed, 26 Mar 2008 13:33:20 GMT Received: from [47.129.150.176] ([47.129.150.176] RDNS failed) by zcarhxs1.corp.nortel.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Mar 2008 09:32:54 -0400 Message-ID: <47EA5086.7090102@nortel.com> Date: Wed, 26 Mar 2008 09:32:54 -0400 From: "Chris Lewis" User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Anti-Spam Research Group - IRTF References: <47E96E35.5080804@leisi.net> <3B5E0B6321289441AAB5419A6F7B6B52C5F112@rpnyex01.rpcorp.local> In-Reply-To: <3B5E0B6321289441AAB5419A6F7B6B52C5F112@rpnyex01.rpcorp.local> X-OriginalArrivalTime: 26 Mar 2008 13:32:54.0668 (UTC) FILETIME=[E58B34C0:01C88F45] Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean J D Falk wrote: > Matthias Leisi wrote: > >> * Large portions of this document apply equally to black- and > whitelist. >> Therefore it may make sense to enlarge the scope to explictly cover >> whitelists as well. The general notion of "DNS-Based Reputation > Systems" >> would profit even more if whitelists would be explicitly included. > > Call it "DNS-Based Binary Reputation Systems," and I'd agree. The full > range of reputation systems in use today is much too broad to fit into > DNS, or into this document. > >> * 2.2.1 Listings SHOULD be temporary: IMO this section should be > dropped >> - - it describes a certain policy which may or may not fit the purpose >> of a particular DNSBL. > It fits most DNSBLs, though, as a best practice. Aside from certain types of static DNSBLs, it's always best practise. Don't forget the document explicitly says that listings can be extended/renewed. >> * 2.2.3 Removals SHOULD be prompt: Similar to the item above, >> automated removals may or may not be a good idea. Considering an >> Spamhaus-SBL-type list, this SHOULD for automated removals does not >> make much sense. > > Most DNSBLs aren't the Spamhaus SBL. This is a best practice for just > about everything else. SBL removals are prompt. Who said anything about automated? _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Wed Mar 26 08:27:09 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.4 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207149569.27008@1DMa8yGOOADxzAtz6wmbtw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Wed, 26 Mar 2008 08:27:09 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2QFJKe4015944 for ; Wed, 26 Mar 2008 11:19:26 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B97413A6F40; Wed, 26 Mar 2008 08:21:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e1todvsuV13f; Wed, 26 Mar 2008 08:21:26 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B94F33A6F3C; Wed, 26 Mar 2008 08:21:25 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9AE093A6F23 for ; Wed, 26 Mar 2008 08:21:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I48AcPJzr4J9 for ; Wed, 26 Mar 2008 08:21:23 -0700 (PDT) Received: from mail50.messagelabs.com (mail50.messagelabs.com [195.245.230.67]) by core3.amsl.com (Postfix) with SMTP id 49F543A6C64 for ; Wed, 26 Mar 2008 08:21:22 -0700 (PDT) X-VirusChecked: Checked X-Env-Sender: msergeant@messagelabs.com X-Msg-Ref: server-21.tower-50.messagelabs.com!1206544740!7759242!1 X-StarScan-Version: 5.5.12.14.2; banners=messagelabs.com,-,- X-Originating-IP: [62.231.131.6] Received: (qmail 13224 invoked from network); 26 Mar 2008 15:19:00 -0000 Received: from mlbrn2exc001.messagelabs.com (HELO mlbrn2exc001.messagelabs.com) (62.231.131.6) by server-21.tower-50.messagelabs.com with SMTP; 26 Mar 2008 15:19:00 -0000 Received: from matt-dev.int.star.co.uk ([10.191.110.53]) by mlbrn2exc001.messagelabs.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Mar 2008 15:19:00 +0000 Received: (qmail 12577 invoked from network); 26 Mar 2008 15:19:00 -0000 Received: from unknown (HELO ?10.102.5.136?) (10.102.5.136) by matt?dev.int.star.co.uk with SMTP; 26 Mar 2008 15:19:00 -0000 Message-ID: <47EA695A.6070202@messagelabs.com> Date: Wed, 26 Mar 2008 11:18:50 -0400 From: Matt Sergeant User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: Anti-Spam Research Group - IRTF References: <20080325160757.22934.qmail@simone.iecc.com> <47E92CBD.50500@nortel.com> <463604DB-4522-4A8E-B0BF-D3DC503D23BA@mail-abuse.org> <7d6a0cac0803251228s43291ecbv404b8313739a7f8e@mail.gmail.com> <41448BFB-34A3-4C9A-8C87-4C148824D33A@mail-abuse.org> In-Reply-To: <41448BFB-34A3-4C9A-8C87-4C148824D33A@mail-abuse.org> X-OriginalArrivalTime: 26 Mar 2008 15:19:00.0638 (UTC) FILETIME=[B7F523E0:01C88F54] Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean Douglas Otis wrote: > > This was expanded upon in text you deleted by stating not all BLs > depend upon full list automation. Some lists attempt to audit > networks and provide notifications to afford opportunities to remedy > issues. Establishing co-operative relationships often involves time. > The time expended means such efforts can easily be gamed, especially > when de-listing is automatic at set intervals or acted upon > automatically from any request. Keep in mind, some organizations > structure their BL services differently. Some offer BLs run in the > manner suggested by the current version of the draft and others do > not. Trend happens to do both. OK, so let me just clarify this - when you are listing a netblock (and communicating with the owner or whatever you do), you NEVER periodically re-check that netblock to make sure it hasn't changed hands or gone quiet or anything? It's just listed permanently until the heat death of the universe? Or is it temporary after all? And if you have reason to remove the netblock, do you not do so promptly? Are you holding the owner hostage for some particular purpose? > Justifying a listing and de-listing policy should consider all factors > involved. This draft concludes de-listing interval of 180 days is > sensible without a basis to support the claim. You've beat this drum before Doug. Please suggest a different figure with justification for YOUR figure. The 180 days figure is a maximum period which we suggest you list between doing a re-check on your listing criteria. It does NOT mean you have to remove the entry after 180 days, simply that you update the listing within that timeframe as IPs do change hands and change purposes. Despite all of this, these items are SHOULDs so that if your DNSBL doesn't meet these criteria it is still ok by the BCP. > It does not help the cause to have these "SHOULD" statements which, in > the end, will likely prove highly counter productive. While > automation helps, it is not a complete solution, nor will automation > ever be. Automation can and is being gamed. So build in anti-gaming measures. The freely run DNSBLs do. Besides, automatic delisting can be implemented with human intervention - notify your administrators that a range is about to be delisted and should therefore be re-checked for it's listing criteria, and the expiration date moved back if required. Matt. ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Wed Mar 26 09:27:02 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-3.0 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207150195.75817@cfxV3xybsoCXU29JP9sftw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Wed, 26 Mar 2008 09:27:02 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2QFTnSU018092 for ; Wed, 26 Mar 2008 11:29:54 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D6B73A6DBD; Wed, 26 Mar 2008 08:31:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tcGLd0Fthd6S; Wed, 26 Mar 2008 08:31:48 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4683F28C20F; Wed, 26 Mar 2008 08:31:48 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F33693A6C2D for ; Wed, 26 Mar 2008 08:31:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id StJnMOOJPYhZ for ; Wed, 26 Mar 2008 08:31:46 -0700 (PDT) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186]) by core3.amsl.com (Postfix) with ESMTP id D012E3A6860 for ; Wed, 26 Mar 2008 08:31:45 -0700 (PDT) Received: by nf-out-0910.google.com with SMTP id c10so1637650nfd.39 for ; Wed, 26 Mar 2008 08:29:23 -0700 (PDT) Received: by 10.78.203.20 with SMTP id a20mr347279hug.9.1206545358752; Wed, 26 Mar 2008 08:29:18 -0700 (PDT) Received: by 10.78.50.2 with HTTP; Wed, 26 Mar 2008 08:29:18 -0700 (PDT) Message-ID: <7d6a0cac0803260829v3ae72e97s26ed8baec203be6d@mail.gmail.com> Date: Wed, 26 Mar 2008 11:29:18 -0400 From: "Al Iverson" To: "Anti-Spam Research Group - IRTF" In-Reply-To: <41448BFB-34A3-4C9A-8C87-4C148824D33A@mail-abuse.org> MIME-Version: 1.0 Content-Disposition: inline References: <20080325160757.22934.qmail@simone.iecc.com> <47E92CBD.50500@nortel.com> <463604DB-4522-4A8E-B0BF-D3DC503D23BA@mail-abuse.org> <7d6a0cac0803251228s43291ecbv404b8313739a7f8e@mail.gmail.com> <41448BFB-34A3-4C9A-8C87-4C148824D33A@mail-abuse.org> Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean On Tue, Mar 25, 2008 at 5:42 PM, Douglas Otis wrote: > > On Mar 25, 2008, at 12:28 PM, Al Iverson wrote: > > > On Tue, Mar 25, 2008 at 2:36 PM, Douglas Otis > > wrote: > > > >> Some BL policies do not adhere to the dubious philosophy expressed > >> in section 2.2.1 and 2.2.3. > > > > Could you elaborate upon the relevancy of that fact? I'm not seeing > > why it matters. > > This was expanded upon in text you deleted by stating not all BLs > depend upon full list automation. You misunderstand. I'll rephrase. Why does it matter that some BL policies do not fit the BCP? It seems clear that regardless of what we come up with, some BLs will not be in compliance. Are we aiming for best practice, or are we recognizing how all BLs currently work? I think we should be aiming for best practice. If if that your concerns relate to MAPS/Trendlists potentially being out of compliance, that I would suggest that perhaps MAPS/Trend ought to show us why their take on best practice is better, not try to bend the universe to fit their model. MAPS policy on these cases, specific to removal and review of listings, were exceedingly problematic back in the day. I assume and hope that things have significantly changed since then. Regards, Al Iverson -- Al Iverson on Spam and Deliverability, see http://www.spamresource.com News, stats, info, and commentary on blacklists: http://www.dnsbl.com My personal website: http://www.aliverson.com -- Chicago, IL, USA Remove "lists" from my email address to reach me faster and directly. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Wed Mar 26 10:27:02 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.8 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207153752.94973@zuAkklgEsDQYgFWS/u5mKw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Wed, 26 Mar 2008 10:27:02 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2QGT7ch024416 for ; Wed, 26 Mar 2008 12:29:12 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2FEDE28C5C9; Wed, 26 Mar 2008 09:30:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0AJNtQIZ8JpU; Wed, 26 Mar 2008 09:30:32 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 050E53A6F50; Wed, 26 Mar 2008 09:30:32 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B2C903A6BCD for ; Wed, 26 Mar 2008 09:30:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7x9cKS0zOnBF for ; Wed, 26 Mar 2008 09:30:29 -0700 (PDT) Received: from webmail.returnpath.net (webmail.returnpath.net [67.154.224.203]) by core3.amsl.com (Postfix) with ESMTP id 6B4793A6CCC for ; Wed, 26 Mar 2008 09:30:09 -0700 (PDT) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Wed, 26 Mar 2008 12:26:50 -0400 Message-ID: <3B5E0B6321289441AAB5419A6F7B6B52C5F1C3@rpnyex01.rpcorp.local> In-Reply-To: <7d6a0cac0803260829v3ae72e97s26ed8baec203be6d@mail.gmail.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt Thread-Index: AciPVhGZNV+KTBlnTOOBQ4sS5gmZewAB070Q References: <20080325160757.22934.qmail@simone.iecc.com><47E92CBD.50500@nortel.com><463604DB-4522-4A8E-B0BF-D3DC503D23BA@mail-abuse.org><7d6a0cac0803251228s43291ecbv404b8313739a7f8e@mail.gmail.com><41448BFB-34A3-4C9A-8C87-4C148824D33A@mail-abuse.org> <7d6a0cac0803260829v3ae72e97s26ed8baec203be6d@mail.gmail.com> From: "J D Falk" To: "Anti-Spam Research Group - IRTF" Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean Al Iverson (who should know) reminded us: > MAPS policy on these cases, specific to removal and review of > listings, were exceedingly problematic back in the day. I assume and > hope that things have significantly changed since then. MAPS practices were the best practices approximately 1997-2000, primarily because there were no lists with better practices. Since then, spam has evolved, DNSBLs have evolved, the internet as a whole has evolved -- and so have the best practices. EVERYONE who worked for MAPS back then will say more or less the same thing. This document should reflect the CURRENT, BEST practices, not some nearly-forgotten ancestral set of what seemed like good enough ideas at the time. -- J.D. Falk Receiver Products Return Path _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Wed Mar 26 10:27:03 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.8 required=4.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-MailScanner-Watermark: 1207154791.0486@NS7VktcHW0WFWwzCCCr2rw X-Envelope-From: asrg-bounces@ietf.org X-Envelope-To: Return-Path: Received: from lorien.mallorn.com [208.78.102.2] by remote.mallorn.com with POP3 (fetchmail-6.3.8) for (single-drop); Wed, 26 Mar 2008 10:27:03 -0700 (MST) Received: from mail.ietf.org (mail.ietf.org [64.170.98.32]) by lorien.mallorn.com (8.14.1/8.14.1) with ESMTP id m2QGkNgb031574 for ; Wed, 26 Mar 2008 12:46:28 -0400 Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 347EA28C68D; Wed, 26 Mar 2008 09:48:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x-b-LxI0LOeT; Wed, 26 Mar 2008 09:48:19 -0700 (PDT) Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EF87C28C2BA; Wed, 26 Mar 2008 09:48:18 -0700 (PDT) X-Original-To: asrg@core3.amsl.com Delivered-To: asrg@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A307828C299 for ; Wed, 26 Mar 2008 09:48:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NwG7F9wSAVag for ; Wed, 26 Mar 2008 09:48:16 -0700 (PDT) Received: from sbh17.songbird.com (unknown [IPv6:2001:470:1:76:0:ffff:4834:7146]) by core3.amsl.com (Postfix) with ESMTP id 59EE43A6F45 for ; Wed, 26 Mar 2008 09:48:16 -0700 (PDT) Received: from [192.168.0.6] (adsl-67-124-151-179.dsl.pltn13.pacbell.net [67.124.151.179]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id m2QGjmhA018574 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 26 Mar 2008 09:45:54 -0700 Message-ID: <47EA7DBC.80308@dcrocker.net> Date: Wed, 26 Mar 2008 09:45:48 -0700 From: Dave Crocker User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Anti-Spam Research Group - IRTF References: <20080325160757.22934.qmail@simone.iecc.com><47E92CBD.50500@nortel.com><463604DB-4522-4A8E-B0BF-D3DC503D23BA@mail-abuse.org><7d6a0cac0803251228s43291ecbv404b8313739a7f8e@mail.gmail.com><41448BFB-34A3-4C9A-8C87-4C148824D33A@mail-abuse.org> <7d6a0cac0803260829v3ae72e97s26ed8baec203be6d@mail.gmail.com> <3B5E0B6321289441AAB5419A6F7B6B52C5F1C3@rpnyex01.rpcorp.local> In-Reply-To: <3B5E0B6321289441AAB5419A6F7B6B52C5F1C3@rpnyex01.rpcorp.local> X-Virus-Scanned: ClamAV 0.92/6396/Wed Mar 26 04:29:12 2008 on sbh17.songbird.com X-Virus-Status: Clean X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.17]); Wed, 26 Mar 2008 09:45:54 -0700 (PDT) Subject: Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt X-BeenThere: asrg@ietf.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: dcrocker@bbiw.net, Anti-Spam Research Group - IRTF List-Id: Anti-Spam Research Group - IRTF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: asrg-bounces@ietf.org Errors-To: asrg-bounces@ietf.org X-mallorn-MailScanner-Information: Please contact the ISP for more information X-mallorn-MailScanner: Found to be clean J D Falk wrote: > This document should reflect the CURRENT, BEST practices, not some > nearly-forgotten ancestral set of what seemed like good enough ideas at > the time. Yup. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ Asrg mailing list Asrg@ietf.org https://www.ietf.org/mailman/listinfo/asrg From asrg-bounces@ietf.org Wed Mar 26 13:27:02 2008 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on lorien.mallorn.com X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=BAYES_00,SPF_PASS autolearn=ham version=3.2.4 X-mallorn-