ietf-asrg

Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt

2008-03-25 14:47:20

On Mar 25, 2008, at 12:28 PM, Al Iverson wrote:

> On Tue, Mar 25, 2008 at 2:36 PM, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
>
>> Some BL policies do not adhere to the dubious philosophy expressed
>> in section 2.2.1 and 2.2.3.
>
> Could you elaborate upon the relevancy of that fact? I'm not seeing
> why it matters.

This was expanded upon in text you deleted by stating not all BLs  
depend upon full list automation.  Some lists attempt to audit  
networks and provide notifications to afford opportunities to remedy  
issues.  Establishing co-operative relationships often involves time.   
The time expended means such efforts can easily be gamed, especially  
when de-listing is automatic at set intervals or acted upon  
automatically from any request.  Keep in mind, some organizations  
structure their BL services differently.  Some offer BLs run in the  
manner suggested by the current version of the draft and others do  
not.  Trend happens to do both.  The difference between these two  
approaches is rather dramatic in respect to abating UCEs.  Neither  
management style offers a perfect system.  Each offers a level of  
service better suited to a range of individual needs.  This draft  
wrongly assumes only one approach should be used, and that is simply  
wrong in many cases.  Each of these approaches benefits the Internet  
overall, but no one should assume that one approach is always better  
than the other in every case.

Justifying a listing and de-listing policy should consider all factors  
involved.  This draft concludes a de-listing interval of 180 days is  
sensible without a basis to support the claim.  It is not enough to  
say this policy has been used by company X, Y or Z.  Control on  
behaviour is the result of many differing policies.  It would be wrong  
to conclude one approach is somehow better than another.  They all  
play different roles and serve different needs.  One size does not fit  
all.  It is a myth the solution to spam is simply a matter solved  
through automation and standardized policies.  It is hard to explain just  
how wrong that perspective is.

>> 2.2.1.  Listings SHOULD Be Temporary
>>
>> 2.2.3.  Removals SHOULD Be Prompt
>>
>> Automatic de-listing can be highly counterproductive in
>> controlling IP address ranges previously producing substantial
>> levels of abuse. Requiring owners of an address range to request
>> de-listing establishes points of contact to better deal with likely
>> events of future abuse.
>
> I think these should stand as is. I think they cover "it's not
> suitable to remove your IP address at this time" eventualities just
> fine.

It does not help the cause to have these "SHOULD" statements which, in  
the end, will likely prove highly counterproductive.  While  
automation helps, it is not a complete solution, nor will automation  
ever be.  Automation can and is being gamed.

-Doug






_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
