Barry Shein wrote:
I certainly agree with the spirit of what Walter Dnes is saying below.
Looking at the BCP draft makes me feel like I'm watching a bunch of
cub scouts propose how to deal with Al Qaeda.
I had to deal with the GruBourVulis - you remember that, don't you? I
assure you, I know rather more about this than a cub scout...
On May 2, 2004 at 17:59 waltdnes(_at_)waltdnes(_dot_)org (Walter Dnes) wrote:
> On Fri, Apr 30, 2004 at 03:23:10PM +0100, Matt Sergeant wrote
> > Our aim with the BCP was not to fit it around _all_ current practices,
> > but to fit it around best practices. If you have good reasons for
> > going against the guidelines please state them and we can consider
> > the modification of the BCP.
> The BCP document assumes that people are nice, or at least polite. If
> they were, there wouldn't be a need for DNSbl's in the first place. In
> a "kinder gentler" world, paragraph 2.6 MUST-have-a-contact requirement
> would make sense. However, in real life, spammers aren't nice. Consider
> the following...
We're well aware of them. Amongst other things, Matt and I were
physically present when Felstein went after Alan Murphy of SpamHaus (and
the FTC commissioner ;-)
You're presupposing the BCP requires BL operators to identify
themselves. It does not. ORDB, CBL and many other BLs do not. Just a
non-public contact address or web site. Via anonymizing relays if desired.
> If I sound passionate, it's because DNSbls help keep my email usable,
> which gives me a personal stake in the success/failure of DNSbls. If
> they go under, I'll either switch to whitelist-only, or possibly give up
> on email altogether.
Put me in for a big ditto on that. This BCP should have almost zero
effect on current useful BLs. Furthermore, I suspect that this will
encourage more large sites to use BLs. Which is a huge win for BLs and
anti-spam.
> In terms of improvements to this BCP, I have an idea that would render
> the rest of the BCP moot...
The primary intent behind the BCP was to give BL operators an
understanding that they should formalize their operations well enough to
allow ISPs (or individuals) to make informed choices on what BL they
use. To make it clear to them, for example, whether spite listings were
to be expected, or whether you could rely on the BL's "reasonably
timely" response to problem reports. In other words, accurate depictions
of what the BL does, how well they're run, to help a site or user
determine how much trust to place in the BL.
Sites and users need to know these things in order to make informed
choices.
I don't think BCP'ing a requirement that ISPs permit their users choice
as to which BL to use is practical, desirable or even useful.
Indeed, such a BCP would be a complete waste of time for _us_, because
our users (employees) don't get that option by policy.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg