ietf-asrg

RE: [Asrg] 7. Best Practices - DNSBLs - Article

2003-08-12 09:49:46
"Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>

Any kind of auditing or control over the inner procedures of a black
list would improve the situation. 

I dispute this. Blocklists have reputations, even if that reputation is 
no reputation at all, and anyone who does a minimal amount of 
research can find out what that reputation is. If you don't like a 
blocklist's reputation, don't use it. 

Do we really need an auditing organization to tell us that SPEWS
has no contact information and lists more than just the spammer?
Of course not. So what is the real goal of proposals for auditing 
organizations? 

To make sure that every blocklist follows the same standards, which
just so happen to be the preferred standards of the person making
the proposal! But that defeats the whole purpose of having multiple
blocklists. And it would be far easier to start a new blocklist that 
actually embodied those standards than it would be to start an
organization intended to enforce those standards on other blocklists
that might well disagree with them.

A rating system would not be sufficient since it has potential for 
abuse. We would need someone to audit the blacklists, 
something like the Truste seal program for privacy. Or perhaps 
just a reliable auditor like a major accounting or security company, 
maybe even ISO 9002 (although with the Enron and Arthur Andersen 
story that might not be reliable enough).

Exactly. And Truste's reliability isn't all that great either.

All we need is that a third impartial party has examined the procedures
of the blacklist. Unfortunately that is not being done today.

Where are you going to find a truly impartial third party, and who's
going to make sure that they stay impartial? Where will we find these
angels to rule us?

I submit that any anti-spam proposal that requires some centralized, 
incorruptible, and totally impartial authority is fundamentally unworkable.
They do not exist, and even if they did, a centralized organization would
be too big a target to escape eventual corruption.

jason


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg