At 04:32 PM 8/11/2003, Brad Knowles wrote:
> At 3:14 PM -0400 2003/08/11, Yakov Shafranovich wrote:
>
>> This is something that should be reflected in the BCPs for mail
>> administrators - investigate the blacklist before you use it.
>
> Indeed, but we need better investigative tools. Tools that can
> give us a more authoritative view on whether or not a particular black
> list actually adheres to the rules they espouse, or if maybe they are
> revenge-based, or whatever. Tools that tell us if certain black lists
> import data wholesale from other sources, without checking that first.
>
> I'm not proposing any solutions per se, but it would be nice if
> we could have some sort of a rating system that we could apply to various
> aspects of all black lists, and on which trusted members of the community
> could then vote.
>
> Maybe an Advogato-like solution? Or perhaps one that is more
> broad-community based and less small-trusted-group based, such as the
> Amazon or imdb.com rating systems?

Any kind of auditing or control over the inner procedures of a black list
would improve the situation. A rating system would not be sufficient since
it has potential for abuse. We would need someone to audit the blacklists,
something like the Truste seal program for privacy. Or perhaps just a
reliable auditor like a major accounting or security company, maybe even
ISO 9002 (although with the Enron and Arthur Andersen story that might not be
reliable enough).

All we need is that a third impartial party has examined the procedures of
the blacklist. Unfortunately that is not being done today.

Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg