ietf-asrg

Re: [Asrg] DNSBL BCP v.2.0

2007-06-19 05:30:44
Dear Nick & Co.,

Thank you for publishing this very nice DNSBL BCP draft! I personally,
still being a student, learned a lot from this paper and want to
share some of my thoughts.

> or flawed formmail scripts on web pages. Additional DNSBLs were
> developed by others in order to address these changing tactics, and
> today more than 700 DNSBLs are in operation.
I don't mistrust you, but I am very interested in the source of this
figure of 700 :)

> When choosing to adopt a DNSBL, an administrator should keep the
> following questions in mind:
> 1.  What is the intended use of the list?
> 2.  Does the list have a web site?
> 3.  Are the list's policies stated on the web site?
> 4.  Are the policies stated clearly and understandably?
> 5.  Are web pages for removal requirements accessible and
>     functioning properly?
> 6.  How long has the list been in operation?
> 7.  What are the demographics and quantity of the list's user base?
> 8.  Are comparative evaluations of the list available?
> 9.  What do your peers or members of the Internet community say
>     about the list.
Personally I would add the following:
- How much does the usage of the list cost?
- How can I access the list (DNS, rsync, HTTP, ..)?

> Most DNSBLs can effectively use a "no questions asked" removal
> policy because by their very nature they will redetect or relist
> problems almost immediately.  They can mitigate more organized
> attempts to "game" the system by elementary checking and rate-
> limiting procedures, increasing lockout periods, rescans etc.
> Furthermore, a few IP addresses more or less do not make a
> significant difference in the overall effectiveness of a DNSBL.
> Moreover, a "no questions asked" removal policy provides the
> huge benefit of a swift reaction to incorrect listings.
What about when we talk about removing entire net ranges, e.g. a /8
network? IMHO it's dangerous to simply remove such an entry from
the list. On the other hand, it should not only be possible to
remove single IP addresses, since some/most providers use MTAs
from at least /24 blocks to spread their mails.

> the DNSBL.  There SHOULD NOT be any extra rules for de-listing
> other than the ones listed in the published listing criteria.
Does this imply that removal SHOULD be cost-free?

> Removals SHOULD be possible in the absence of the list admin.
Why is this not a MUST? An absence will harm the list and of
course its users in a very bad way.

> 3.2. Cessation of List Operations MUST Be Done in a Graceful Fashion.
I suggest adding that list administrators SHOULD publish it (website,
newsletter, common mailing lists etc.) in time before going down.

Finally, I feel the need to mention a news service in the form of
a newsletter or a mailing list. Some DNSxLs (e.g. ahbl.org) offer
such services that guarantee that a user of these DNSxLs is up to date.
I prefer this way of notification rather than polling websites.

All the best,
/Christian


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
