ietf-asrg

Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt

2008-03-25 11:49:39
John Levine wrote:
> We finally have a revised draft of the BCP for blacklists.  Take a look
> and see what if anything merits changes.

As a newbie, I post my opinion in the hope that it can be useful feedback.


|                         a private DNSBL is used solely by an
|   organization for its own use and the data is not made available
|   publicly.

I would drop "solely". Even if the data cannot be looked up, there may be
forwarding agreements. For example, Hotmail allows postmasters to subscribe
in order to be informed about spam reports related to their IP addresses.

|   This document is also intended to provide guidance to DNSBL
|   administrators so that [...]

Why "also", isn't it the primary purpose? (I'd say there is no substantial
difference between DNSBL operators and administrators.) Rather, I would
mention there that the document also provides guidance for DNSBL users,
in view of the section that follows.

BTW, a section is missing about end users' role in reacting to bounces.

|   6.   Are web pages for removal requirements accessible and working
|        properly?

That they are working properly is too difficult to assess, for a user.

I would add two points to that list:

* If at all possible, system admins should allow their customers to configure
   which DNSBLs they want to disable for their mail, if any.

* System admins should make sure they don't lock out their own customers. (This
   sounds obvious, but since the corresponding recommendation is made for DNSBL
   admins...)

| 2.2.2.  A Direct Non-Public Way to Request Removal SHOULD Be Available

Some DNSBLs mention that removal requests should come from the person in
charge. Who is that? IMHO, the person in charge of an IP address is the
one mentioned in the corresponding whois record at the relevant RIR. It may
be worth establishing (confirming or denying) that point.

BTW, is it a good practice to send listing/removal notices to the relevant
postmaster or abuse addresses?

| 2.2.3.  Removals SHOULD Be Prompt
|
|    Requests for removal SHOULD be honored without question. [...]

That section apparently assumes more about a DNSBL's policy than the rest of
the BCP. For example, a previous section considers listings associated with
geographic information. Aren't there valid exceptions for automatic delisting?

| 2.2.4.  SHOULD Have Similar Criteria for Listing and Delisting

"Criteria for Listing and Delisting SHOULD be symmetrical." Sounds better?

| 3.4.  Shutdowns MUST Be Done in a Graceful Fashion

Since it has been mentioned that commercial DNSBLs exist, it may make sense
to recommend that they use adequate renewal methods. (For example, Trend Micro
is still missing a credit card based self-renewal web page.)

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg