Douglas Otis wrote:
Most black-hole/block lists are based upon the IP address where the
octets are in reverse order. The network provider can be noted by who
advertised the address space.
See:
http://www.team-cymru.org
This technique depends upon ASNs observed in BGP announcements. This
information is often processed with a program like zebra, for example.
Or home grown stuff using routeviews.
The mechanics of doing this are well understood, however:
Determining the network provider helps establish their reputation,
which should represent a significant factor in whether their
advertised space can be trusted.
Very few existing (at least public) DNSBLs pay any attention whatsoever
to this. Those that do usually do little more than ad-hoc aggregate
statistical reports, eg http://cbl.abuseat.org/country.html and
http://cbl.abuseat.org/domain.html, or Spamhaus's country/provider top
100 listings, or Cymru's or helping guide the manual escalation of
manual listings...
Hence, it misses the "C" ("current") required for a BCP.
It may be the perfect reputational DNSBL design, but it's still not a
_current_ one, and is hence not eligible for a BCP.
Secondly, it's DNSBL listing policy, not operational practise. Thus, it
is out of scope for the document at hand _even_ if such DNSBLs existed
today.
So while this discussion might lead to ideas for new DNSBLs (I've gotten
several ideas already - I already do most of the hard computations) with
more advanced listing criteria, it's totally irrelevant to a DNSBL
operational BCP.
As a discussion for future work in DNSBL/reputational systems it's a
reasonable topic for ASRG. But, it has _nothing_ to do with the BCP -
this subthread diverged from relevance some time ago.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg