ietf-asrg
[Top] [All Lists]

Re: [Asrg] Walter's comments on draft-church-dnsbl-harmful-01.txt

2006-04-01 15:39:56
On Mar 31,  8:59pm, Walter Dnes wrote:
}
}   2) DNSBLs don't block anything, just as restaurant reviewers don't
} pay goons to stand at the entrances of certain restaurants and attack
} would-be patrons with basball bats.  Just like restaurant reviewers,
} DNSBLs publish opinions about certain establishments.  System
} administrators are free to accept or not accept those opinions.

I've never liked this particular flavor of analogy for DNSBLs.  For one
thing, it's backwards.  Independent of who hired the goon, his job is
not to keep people out of the establishment that was reviewed -- it's to
identify those associated with that establishment in order to keep them
out of of *another* establishment.

Some DNSBLs publish opinions ("based on Y, we believe X is a source of
spam"); some publish verifiable facts ("X is an open relay"; "X is in an
IP range allocated to Z"); some publish unverifiable claims of fact ("a
spamtrap received mail from X").  Some publish specific information, and
some publish broad generalities.

Most complaints are about DNSBLs that publish generalities, and involve
individuals who claim either that they don't fit the profile, or that
the profiling itself is invalid; not about "certain establishments" who
claim they've specifically been given a "bad review."

Here's an example of what I consider a more accurate analogy:  It's a
common practice for auto insurance companies to charge different rates
depending on the ZIP code where you live.  If a DNSBL publishing lists
of dynamic IPs is like a ZIP code directory, then the sysadmins who use
it are like auto insurers.

If you want a restaurant analogy:  It's like a restaurant hiring a goon
and giving him a yearbook so he can turn away all local high-schoolers,
because a couple of them once vandalized a restroom.

It's not inherently harmful to publish a ZIP code directory or a high
school yearbook.  It's all a matter of what's done with the information.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg