ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 7. Best Practices - DNSBLs

2003-08-13 14:28:39
from [Chris Lewis] [Permanent Link] 
Brad Knowles wrote:


At 3:59 PM -0400 2003/08/13, Chris Lewis wrote:


 =head2 Listings should be temporary

 Listings should all be temporary (suggested default listing period:
 24 hours L</Footnote1>) so that if your blacklist doesn't get around
 to removing the entry then it times out at some point in the future.
Fine, but if the entry is removed and then you discover reason to put it back again (maybe because of a re-scan, or whatever), then the next timeout should be longer. 

    I'd recommend something like a bounded exponential backoff.


A bit further down:

=head2 Removals must be prompt
The preferred way of doing this is I<removal without question>. This allows people to ask and get their IP address removed immediately, but does not prevent the blacklist owner re-listing their IP address at a later time (subject to seeing more spam, or re-checking the IP address security). A re-listing due to a false removal request may result in a longer timeout (i.e. a penalty).
Covers that. Agree tho, should mention "bounded exponential backoff". I've fudged the original a bit.
Moreover, I think I'd probably move someone from the "confirmed" list to the "probationary" list immediately, then investigate their claims of being cleaned up. They might have to stay on the probationary list for a while before I'd be willing to let them off completely. If they ever came back, they'd stay on the main list a lot longer, have to stay on the probationary list a lot longer the next time they claim to be cleaned-up, etc...
We prefer an instant removal and relist upon subsequent re-detection or re-test. Tho, a delay algorithm on removal (initially zero) is reasonable.
Other than that, it seems to be reasonable. I look forward to seeing an expanded version that details tools and methods that can be used to run a real-world black list.
I don't think BCPs should get too specific about methods/tools - especially because they're often obsoleted quickly. It's important to get the principles laid out. 



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 7. Best Practices - DNSBLs, Brad Knowles
Next by Date:  Re: [Asrg] 7. Best Practices - DNSBLs - Article, Chris Lewis
Previous by Thread:  Re: [Asrg] 7. Best Practices - DNSBLs, Brad Knowles
Next by Thread:  Re: [Asrg] 7. Best Practices - DNSBLs, Brad Knowles
Indexes:  [Date] [Thread] [Top] [All Lists]