I get the feeling you're happy with certain blacklists.
I believe it is possible to run a blacklist for certain very narrow
purposes in a legal, useful and acceptable fashion. I do not think
it is remotely possible to stop spam through blacklists.
It's two issues [*] you feel stuck on: 1) Collateral damage and 2)
anonymity. So I'll try to address those.
Collateral Damage
-----------------
This is a really tough issue. There's really only one DNSBL that I
support in terms of its collateral damage policy and that is the SBL.
They will escalate a listing from the IP addresses sending spam to the
corporate mail servers of the ISP in question if they are unable to get
action from that ISP in removing the spammer. They do not do this
lightly - only after making numerous attempts to contact the ISP both
via email and telephone calls. Note the fact that the escalation is not
to the entire ISP - just to the corporate mail servers of the ISP.
This is action against the ISP and not a third party. I would have no
objection to that type of activity, it does not raise the issues of
contract interference.
There could still be an issue of course if the reason for the listing
was simply malicious but that would be no different from listing the
spammer.
Anonymity
---------
We did not wish to prevent anonymity in the BCP because it provides
useful protection to the people who run these services. This has become
necessary not because what they are doing is illegal, but because the
cost of even a failed lawsuit in the US is too much for the
creators of the blocklists to bear.
I don't believe in anonymous reputation services.
If blacklists are going to demand accountability they must accept
accountability - from all parties they affect, not just the ones they
choose.
I believe in the democratic rule of law, no exceptions. If the legal
system is broken then it has to be fixed. There are plenty of blacklists
that operate in the open. Spamhaus operates in a legal regime wrt libel
that is far more hostile than the US.
I do not believe that it should be legal for a public service ISP to
use any anonymous blacklist service to filter customer's mail.
Do I wish that these blocklists could all be public facing and not
anonymous? Absolutely! But the reality of your litigious society has
ensured that this is becoming more and more difficult.
When we started VeriSign nobody else dared to run a public service
CA because they feared the liability issues. Today the liability
issue is considered irrelevant by many CAs and CA customers (heh,
they got a surprise coming). The reason is that VeriSign did such
a good job of anticipating the legal issues and pre-empting them.
The blacklist I am currently looking to establish will probably not
block any spam at all, it will block less than 1% of the web sites
mentioned in spam, hopefully though it will block 80%+ of a certain
type of fraud.
I want the blacklist to be used near universally, therefore I want
to make it practically impossible for a false positive to occur -
even though people will clearly attempt to engineer them.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg