"Nick Nicholas" <Nick(_at_)habeas(_dot_)com> wrote:
> The draft looks pretty sensible to me.
> 1.1. DNS-Based Reputation Systems
>
> DNSBLs are either public or
> private. A public DNSBL makes its data available to any party
> seeking information from the list, but a private DNSBL is used
> solely by an organization for its own use and the data is not made
> available publicly.
There are also commercial DNSBLs which are public except that "any party"
must be willing and able to pay.
> 2.2.1. Listings SHOULD Be Temporary.
>
> With the exception of DNSBLs that are based on data that does
> not change, such as those that include the IP addresses associated with
> a specific country or geographic region, all listings SHOULD be
> temporary so that an entry will time out at some point in the
> future.
IP addresses can move country or region - consider an international ISP.
I don't think there are any certain unchanging attributes of IP addresses.
> 2.2.3. Removals SHOULD Be Prompt.
>
> Requests for removal SHOULD be honored without question.
I think this requirement needs more hedging, since it depends on the
DNSBL listing policy. For example, the requirement is not appropriate
if the listing is based on who the address space has been allocated to,
especially if the reason is that it has been allocated to criminals.
In that case you expect to come into conflict with people who are listed.
> 3.2. Cessation of List Operations MUST Be Done in a Graceful Fashion.
>
> When a DNSBL ceases operations and is taken out of circulation,
> it MUST do so in a graceful manner so that it does not create
> excessive DNS queries or list the entire Internet.
What do you mean by "excessive"? Is this a reference to insane DNS
clients that generate more traffic when a DNS server goes away?
> 4. Security Considerations
>
> Like all DNS-based mechanisms, DNSBLs are subject to various
> threats outlined in [RFC 3833].
The recommendations for DNSBL users should be in this section. It's worth
emphasizing that spam is a security problem and that DNSBLs are one
of many ways to tackle it. DNSBLs usually relate to the SMTP client,
which can have a limited relationship to the origin of the message if
the client is relaying or forwarding. However RHSBLs exist as well,
which have no guaranteed relationship to the client or the origin of
the message, but can still be useful.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
HUMBER: NORTHWESTERLY 5 OR 6. MODERATE OR ROUGH. WINTRY SHOWERS. GOOD.
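Added example (not part of the message above or of the draft it discusses): a minimal DNSBL/RHSBL client that shows the two lookup forms the reply contrasts (an IPv4 SMTP client address, octets reversed under the list zone, versus a domain name under an RHSBL zone) and a defensive check for the "list the entire Internet" failure mode raised under section 3.2. The sanity check relies on the convention that a live list answers for 127.0.0.2 and stays silent for 127.0.0.1; that convention, the zone names `bl.example.net`, `rhsbl.example.net` and `dead.example.net`, and the answer table are assumptions constructed for the example, not values from the draft. Resolution is injected as a function so the example runs offline.

```python
import ipaddress
from typing import Callable, List, Optional

# A resolver returns the A records for a name, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[List[str]]]

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the IP-based query name: IPv4 octets reversed, then the list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 client addresses only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def rhsbl_query_name(domain: str, zone: str) -> str:
    """Build the RHSBL query name: a domain (e.g. from the sender) under the list zone."""
    return domain.strip().rstrip(".").lower() + "." + zone


def is_listed(query_name: str, resolve: Resolver) -> bool:
    """An entry is any A record in 127.0.0.0/8; NXDOMAIN (None) means not listed."""
    answers = resolve(query_name)
    if not answers:
        return False
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)


def zone_is_sane(zone: str, resolve: Resolver) -> bool:
    """Assumed convention: a live list answers for 127.0.0.2 and not for 127.0.0.1.
    A wildcarded or dead zone that answers for both would otherwise list everyone."""
    return (is_listed(dnsbl_query_name("127.0.0.2", zone), resolve)
            and not is_listed(dnsbl_query_name("127.0.0.1", zone), resolve))


def classify_client(ip: str, zone: str, resolve: Resolver) -> str:
    """Decide what a receiving MTA should conclude about an SMTP client address."""
    if not zone_is_sane(zone, resolve):
        # Fail open: ignore a broken list rather than reject all mail on its say-so.
        return "list-unavailable"
    return "listed" if is_listed(dnsbl_query_name(ip, zone), resolve) else "not-listed"


# Constructed sample answers standing in for live DNS; none of these are real lists.
SAMPLE_ZONE = {
    "2.0.0.127.bl.example.net": ["127.0.0.2"],          # the "is listed" test entry
    "4.3.2.10.bl.example.net": ["127.0.0.2"],           # hypothetical listed client 10.2.3.4
    "spammer.example.rhsbl.example.net": ["127.0.0.2"],  # hypothetical listed sender domain
}


def table_resolver(table: dict) -> Resolver:
    """Offline resolver backed by a dict of name -> A records."""
    return lambda name: table.get(name)


def wildcard_resolver(zone: str) -> Resolver:
    """Models a list that has gone bad and answers every name under its zone."""
    return lambda name: ["127.0.0.2"] if name.endswith("." + zone) else None


if __name__ == "__main__":
    live = table_resolver(SAMPLE_ZONE)
    print(classify_client("10.2.3.4", "bl.example.net", live))        # listed
    print(classify_client("192.0.2.1", "bl.example.net", live))       # not-listed
    print(is_listed(rhsbl_query_name("Spammer.Example.", "rhsbl.example.net"), live))
    dead = wildcard_resolver("dead.example.net")
    print(classify_client("192.0.2.1", "dead.example.net", dead))     # list-unavailable
```

The sanity check is what turns section 3.2's "MUST be graceful" into something the consumer can verify for itself: a list that answers for 127.0.0.1 is treated as unusable rather than as a verdict on every client, which is the fail-open behaviour a receiving site wants when a list it depends on disappears or is wildcarded.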
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg