Philip Miller wrote:
Daniel Feenberg wrote:
On Tue, 17 Feb 2004, Alan DeKok wrote:
A week ago, Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
What I find problematic is that there is an existing identity in
email - IP addresses. If blacklists are made to be more feature
rich, possibly becoming reputation services, that might help. So I
am not sure why going to domain identity or sender identity makes a
difference.
IP addresses are short-lived, and machines at an IP are being
hijacked to send spam. You can't have a blacklist if one IP sends 10
spam in 5 minutes, and then disappears for a week.
But what is the harm in leaving the IP address in the database? If
tomorrow it isn't a spammer, it is still a dynamic IP address, and I
don't
want mail from that address, do I? And tomorrow its new address goes on
the list.
The harm in leaving it in the database depends on the stated policies of
the database operator. If the users of that list know that known dynamic
addresses are being left on after they have been used and discarded, and
still want to use it, that's fine. If users are told or assume that the
database lists known currently-spamming addresses, then leaving dynamic
addresses lying around would be bad.
The same would apply for expired domains as well - if a domain blacklist
is maintained and the domain is seized or expired, and then someone else
registers it, the new owner will be stuck with the listing. Although
this is less likely with domains than IP addresses.
The bottom line is that the main problem with any kind of blacklist -
IP, domain, sender, etc. is the humans maintaining it. "Those who ignore
history are doomed to repeat it" - if we ignore the problems with
current IP blacklists then we will repeat the same problems with other
kind of blacklists like domain lists.
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Power tends to corrupt, and absolute power corrupts absolutely" (Lord
Acton)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg