ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: DNSBL BCP v.2.0

2007-02-14 07:05:47
from [Bill Cole] [Permanent Link] 
At 9:57 PM -0800 2/12/07, Douglas Otis wrote:

On Feb 12, 2007, at 7:46 PM, Matt Sergeant wrote:


On 12-Feb-07, at 5:28 PM, Douglas Otis wrote:


A year is likely to be a typical interval for bulk service agreements.
I'm not sure why you keep persisting on this point. If the criteria for the DNSBL is something like "a known spammer has service on this IP/range" then after (or before) the timeout period the DNSBL must re-check that the spammer still has service on that IP/range, and confirm that indeed the spammer does. Thus the listing is extended beyond the 6 month period. It could last forever for all we care, as long as the listing criteria STILL EXISTS.
There are at least two entities to be considered with respect to a reasonable listing duration. One might be the individual entity administering the system directly associated with the IP address. Another would be the entity providing the IP address and routing from their ASN. The duration of any listing must consider the behavior of _both_. A high density of bad actors within an ASN SHOULD extend duration well into a year and be sure to cover a typical contract period. The goal of the DNSBL operator is often to alter the behavior of the network provider. In such cases it is pointless to focus upon individual IP addresses when the network provider is truly negligent.
I'll repeat myself again: this BCP in NO WAY forces delisting after the timeout period. It makes that clear - you just choose not to read that part for some reason.
I'm done arguing this with you now. We'll discuss between the authors if we think 6 months is the wrong time period but you haven't presented any decent argument for it IMHO.
On the contrary. You have not presented cogent arguments as to why 6 months is a suitable listing duration, especially when a provider is negligent.
Because the BCP does not say that and you are inventing that concept by not reading carefully enough.
If the listing criteria remains true, the entire paragraph talking about 6 months is completely irrelevant.
Individual treatment of IP addresses must be predicated upon the provider enforcing an AUP policy that precludes spamming. 

Says who?
That appears to be fodder for listing policy of a specific DNSBL, not for an operational BCP document.
There are DNSBL's that are insensitive to ISP policy or its enforcement. The CBL is an example, and it is arguably the most useful primary DNSBL in operation, with only the aggregates that include it being more comprehensive.
Any provider that offers unlimited services to spammers should never expect IP address delisting within an interval as short as 6 months. This is being far to generous. In the case of individual IP addresses within a well managed ASN, a request can be made to expedite delistings. Again, when the typical contract is by the year, automatic delisting within six months is still likely too soon.
This would only make sense if you believed the BCP prohibits listing standards that look at ASN-level behavior as a contributing factor to a listing. I don't think it does.
For example, one could operate a DNSBL where a listing is documented to mean "This address space has a history of being assigned by its RIR-registered owner to people with 4-letter surnames." When that DNSBL listed the space I use, and I found it untenable to remain in the space because of the geniuses who think all DNSBL's mean the same thing, the 6-month clock would not start. What would start the 6-month clock would be AT&T going bankrupt and returning the block to ARIN.
While a six month duration might be selected as a means to reduce delisting requests, a poorly managed ASN should still delay a delisting over a much longer period. Incidents of abuse can not always be considered by individual IP addresses, but in conjunction with the ASN as a whole.
There's nothing in the BCP that requires listing standards to ignore ASN behavior, or to include ASN behavior. That is a detail that is out of scope for the BCP, but including ASN behavior as a factor in a particular list (e.g. something like SPEWS but run competently and rigorously to documented testable standards)
Please don't say this should be based upon what _sounds_ reasonable. Perspectives differ between network and email providers, and those operating DNSBLs. The goal of DNSBL operators is to reduce the tide of spam,
Not always. Historically the goals have seemed to include defaming creditors, making political statements about the ethics of various network operators, and demonstrating the clue deficiencies of the mail technical community.
In that last class of DNSBL, the target members have been people who think all DNSBL's are about the same things. 





--
Bill Cole bill(_at_)scconsult(_dot_)com 


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Re: DNSBL BCP v.2.0, Tom Petch
Next by Date:  Re: [Asrg] Re: DNSBL BCP v.2.0, Bill Cole
Previous by Thread:  Re: [Asrg] Re: DNSBL BCP v.2.0, Tom Petch
Next by Thread:  Re: [Asrg] Re: DNSBL BCP v.2.0, Bill Cole
Indexes:  [Date] [Thread] [Top] [All Lists]