On Tue, May 04, 2004 at 12:44:45PM -0400, Chris Lewis wrote
In terms of improvements to this BCP, I have an idea that
would render the rest of the BCP moot...
I don't think BCP'ing a requirement that ISPs permit their users
choice as to which BL to use is practical, desirable or even useful.
Indeed, such a BCP would be a complete waste of time for _us_,
because our users (employees) don't get that option by policy.
That's not what I meant. I specifically refered to clients. The
employees are *NOT* your paying clients, so that requirement can not be
read as applying to them.
The ISP I use for my remote inbox has enduser-configurable blocking
rulesets. I block Nigeria, most of non-English Asia, Isreal, chunks of
Europe, and 200.0.0.0/7 (Latin America). People over there effectively
see challenge/response from me. Before anyone starts ranting about
"Challenge Response Authentication Protocol", my challenge is a 550
message issued right after the RCPT: stage of the SMTP transaction. It
contains a URL pointing to my webpage which lists my current, temporary,
unfiltered email address.
Different people end up on different spam lists. And of course, someone
who has business contacts, friends, and/or family in the above-mentioned
countries would obviously not like my particular configuration. I see
the biggest problem with DNSbl usage (and filter usage for that matter)
as being the one-size-fits-all approach. People are different, and
there email requirements are different.
The document is about best practices with regards to DNSbls, and it
should include ISPs' usage thereof. *THE* biggest problem associated
with DNSbls today is that endusers often don't have a say about their
usage (not even whitelisting ability).
It's easy for many in the "NANAE elite" crowd to switch ISP and
re-route incoming email addressed to a personal domain, without having
to notify dozens or hundreds of contacts about a new email address. Joe
average does not have that ability, and big corporations find ISP
switchovers a painful experience. They are stuck with being blacklisted
even if they personally don't spam. This creates lots of public
resentment which the DMA will capitalize on.
Failing to address that problem will give the DMA allies (like David
Berlind) in their fight to outlaw DNSbls or at least ram ISP-wide
whitelists down ISPs' throats. Making use-of-DNSbls an enduser decision
will allow ISPs to point the finger at paying customers and say that
they excercised freedom of choice. It will take away spammers' main
argument in lawsuits and for anti-DNSbl legislation.
--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg