Douglas Otis wrote:
Two major players are effective at controlling email abuse, individual
senders and network providers. Enforcement of the network provider's
AUPs offers the greatest impact and creates a hierarchy of
responsibility that fairly distributes costs related to curbing
abuse. The provider must also seek remuneration for their services
and are thus best able to defend against evasive abusers as well.
The concept of "automated individual IP address blocking" based upon
automated detection and instant removal is clearly an ideal aimed at
shifting all culpability onto often anonymous individual senders. At
times, an individualized approach in controlling abuse is
appropriate. However, the strategy taken depends upon the stewardship
of the network provider.
Some networks permit high levels abusive, where their traffic might be
blocked when there lacks justification to re-establish a baseline
which must endure this abuse. Soliciting network providers
involvement sometimes takes years, where blocking just their
individual IP addresses is counter-productive and ultimately
ineffective. This draft is confusing the mechanism with the entity
being held responsible.
I see your point to a degree.
But, in response, you're conflating listing policy with DNSBL mechanisms.
Remember, listing policies that take a broader view (eg: listing ranges
or ASN for multiple persistent problems where they may not exist on all
IPs at any given moment, to make a stronger incentive for the provider
fix it) will most usually fall under imposing collateral damage.
That is permitted by the draft, as long as it's disclosed.
As for longevity of the listing...
We may be able to get around this concern by being more explicit about
saying that "reviewing the listing and deciding it's still applicable"
meets the requirement.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg