On 9-Feb-07, at 8:12 PM, Douglas Otis wrote:
"6 months is reasonable for a long listing, and this is very well
covered by the last point in this section - that a temporary
listing can easily be extended by (for example) receiving more
spam from this IP/range."
Listing intervals depend upon several factors. One might be
related to who manages the ASN. Regularly enabling dormant IP
addresses within a large, poorly managed network would be a very
bad choice. What is the justification for 6 months?
We decided to pick an upper limit. We picked the most respected DNSBL
(Spamhaus' SBL) to give us that limit - 6 months (for ROKSO SBL
listings). A spamhaus listing will drop off if the ROKSO spammer
stops spamming for 6 clear months.
Remember we're not saying you have to wait the 6 months before re-
checking listing criteria. If the event (e.g. spamming) re-occurs
before that six months is up (say at month 3) you reset the timeout
period.
So a spammer suspends spamming from an IP for 6 months to wait out
the timeout just to start spamming again, and you think that would be
a bad thing? Frankly I think the internet community would be glad of
the 6 month reprieve (and of course the subsequent relisting).
A period that represents typical IP ownership is not likely 6
months. Many of these systems are compromised and can be retasked
to send spam once the IP address drops off a popular block list.
How is 6 months reasonable for a long listing? Why not state a
goal rather than setting some arbitrary period not based upon any
information or rationale.
The goal is stated. If it needs to be clarified we should do that.
It is not possible to disclose _any_ email information without
also disclosing where the message was obtained. It is simply
impossible to fully redact a message to provide such an assurance
of non-disclosure.
Hence why this is a SHOULD not a MUST. It's a tricky line -
compare for example the disclosure given by PSBL (almost full
spamtrap hit contents) vs SBL. Both presumably maintain an
internal audit trail, but one is public and one is private, but
both are reasonably well run DNSBLs.
Publicly listed messages likely represent a sacrificial source.
There lies the rub. What happens when a spammer has an above
average IQ? Your listed, but we can show you why?
Do you have an objection to this point being a SHOULD? Clearly DNSBLs
maintain and even display audit trails and retain effectiveness. I'm
lost by your argument here. The point of this section is that an
audit trail is a valuable thing when there's a complaint about a
listing, or some other issue, so even if it's not public the audit
trail really should exist.
I sincerely hope you're not suggesting that the MAPS dnsbl's don't
maintain audit trails, even if they're not publicly available.
Matt.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg