"Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>
At 12:48 PM 8/12/2003, Jason Steiner wrote:
"Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>
Any kind of auditing or control over the inner procedures of a
black
list would improve the situation.
I dispute this. Blocklists have reputations, even if that reputation
is
no reputation at all, and anyone who does a minimal amount of
research can find out what that reputation is. If you don't like a
blocklist's reputation, don't use it.
The problem is that mail administrators are so fed up with spam, they
choose blacklists based on their effectiveness, not reputation.
Untrue. If this were the case, mail administrators would all just block
/0 and be done with it. That is, after all, the easiest and most effective
way to stop 100% of spam. But of course, it's also silly.
Every mail administrator does a balancing act between stopping spam
and allowing good mail through. Where they choose to strike that balance
varies, but we hardly need to tell them to do it.
It would be much easier if ISPs would flag messages like SpamAssasin does with
input from DNSRBLs and then let the users decide.
Unfortunately, this doesn't scale. You still have to process the mail, which is
no trivial task given the sheer amount of spam sent.
Within the consent framework relying on a single source of information is not
a good thing. The best thing is using multiple sources of information and
then
letting the consent system decide what do with it.
Best from a convenience standpoint, certainly. But given limited resources
for handling mail and nearly unlimited resources for sending it (via millions of
unsecured proxies and worm-ridden machines) it's not best from a performance
standpoint.
A perfectly convenient system mailbombed to a standstill is no longer a
perfectly
convenient system. You have to strike a balance between convenience and
efficiency.
Mail administrators should be aware of the need to investigate
blocklists - this is something for the BCPs.
Pardon my sarcasm, but mail administrators should also be aware of the
need to chew before swallowing. Do we really need to put this in a BCP?
Also, shedding some light on the inner
working of a blocklist such as SPEWS.org, by a third party might make
it easier for mail administrators to evaluate it.
How so? Anyone who does half an hour of research into SPEWS can
figure out the salient points in regards to SPEWS. And if they can't
they shouldn't use it.
The purpose of auditing is to make sure that the blocklist procedures
listed on their website are actually being followed. That's all - all
we need to know is whether SPEWS.org or some other DNSRBL is actually
listing and de-listing IPs based on the criteria that is mentioned on their
website. And if there is no such criteria, then the DNSRBL in question
can write one based on whatever philosophy they want. Currently many people
do not trust a closed no-contact DNSRBL to actually follow their own
procedures, but rather believe that a lot of listing/delisting
procedures are being done on a whim.
Great. So don't use that DNSBL. If that's your opinion of them, you don't
need a third party to increase your distrust.
If you operate a DNSRBL, then disclose your inner procedures and
actually follow them.
Or don't. It's only your reputation. You can run a DNSBL by consulting
tarot cards if you like. Or by some totally secret means known only to
yourself. Admins will judge it by the results.
IF for whatever reasons you do not want to do so, then have someone
else audit your procedures and let them vouch for you.
Maybe I don't really care if anyone vouches for me. Maybe my list is
primarily for my own personal use and only published as an afterthought.
If others find it useful, great, and if not, that's great too.
jason
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg