On Thu, 8 Feb 2007, Matt Sergeant wrote:
Requests for removal SHOULD be honored without question.
I think this requirement needs more hedging, since it depends on the
DNSBL listing policy. For example, the requirement is not appropriate
if the listing is based on who the address space has been allocated to,
especially if the reason is that it has been allocated to criminals.
In that case you expect to come into conflict with people who are listed.
I strongly believe this is covered by the verbiage in this section. Should a
criminal spammer find himself listed in the SBL (for example), he should be
allowed to immediately request removal, and be granted that. As soon as he
spams, he should be immediately relisted. And the limits on removals be made
harder for him/her - see the second to last sentence in that first paragraph.
The intention is to make innocent listings easy to remove, and criminal
listings harder to remove.
Is this always desirable? Does anyone here have any statistics about how
long a spammer can spam on average before being picked up by DNSBLs? My
impression from our use of Spamhaus is that detection is slow. On our
system with about a 1,000 active mail accounts only about 1% of spam
source IP addresses were seen more than once in the test week, suggesting
to me that it would be difficult to tell if spamming had ceased in less
than several months unless one had a very large set of spam traps.
If removal must be automatic, doesn't that unnecesarily give the spammer
twice as long on the IP address? It seems like that would double the
amount of uncaught spam. I would have thought that confirming a delisting
with the ASN abuse contact or providing reverse name look to a non-generic
host name would be reasonable precaustions a DNSBL might wish to impose
before delisting an address, and that in any case it should be up to list
policy.
There is a principle of statistics that if your detector sees only a small
fraction of events, then variation in the rate is mostly random, and not
evidence of variation in the underlying process.
Daniel Feenberg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg