Steven F Siirila wrote:
On Sat, Apr 26, 2003 at 06:19:00PM -0700, Hallam-Baker, Phillip wrote:
DNSBLs can not force anyone to do anything and any authority given to
them is by consensual users of the DNSBL.
The ISP can consent, but what about the users of the ISP? In most
cases the users have no knowledge of the fact that a blacklist is
even in use.
That depends on the ISP. We provide our users with the ability to control
how or if their mail is blocked/filtered.
Do you (or any significant ISP) provide reports what have been blocked
and why for the users ?
[e.g.: sending host IP address, MAIL FROM:, RCPT TO:, reject reason]
It requires making MTA reject as little as possible before "RCPT TO:".
IMHO it should be recommended for any ISP
Their widespread use indicates that many receivers of
email have confidence in at least some DNSBLs.
Very few end users know that blacklists are in use.
Again, that depends on the ISP. DNSbls can be a very effective tool,
especially when users are aware of their availability and have control
over their use.
"Fair" use of DNSbl requires providing name of the DNSbl in the error
message generated for sender.
Any would be recomendation of RBL use must contain requirement for
providing such info (IMHO).
Thirdly, in the "BEST PRACTICES" section, you talk about creating some
sort of "common agreement on best practices for blacklists setting out
criteria for issues such as notice to the listed parties, appeals
processes and the acceptability of `collateral damage'." This is both
unnecessary and undesirable.
It is unnecessarey because DNSBLs can not force anyone to do anything,
their only authority comes from others who freely choose to use them.
Again, this is a very sysop centric view of the world. I do not believe
that system or network operators are the ultimate arbiters of the
Internet.
ISPs can and should decide how best to run their own mail servers with
the customer's best interest in mind. If that includes use of DNSbls,
then so be it.
Law is less logical (at least in some places) and the world is big.
I remember one posting in which (non US?) postmaster reported that
lawyers ordered turning off anti-spam features unless ISP customer
explicitly requested them.
The 'right' that appears to be being defended here is the right of
sysops to make decisions on behalf of their users with no
accountability.
Nobody said anything about "no accountability." I sense here nothing more
than a strong hatred of DNSbls, likely due to a bad experience with them.
You do not suggest that accountability may exist without making available to
users/customers detailed records of what has been rejected and why, do you ?
1) I do not suggest accepting bodies of spam messages
2) Some senders of a "courtesy copy" do NOTHING about the bounce
--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg