ietf-asrg

Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"

2008-04-02 09:07:16

On Apr 2, 2008, at 6:49 AM, Seth wrote:
Steve Atkins <steve(_at_)blighty(_dot_)com> wrote:

Your intent in listing an IP address in your blacklist is that mail
from that IP address be more likely to be blocked or filtered.

There are whitelist DNSBLs.

No, there aren't.

If it's a whitelist, it's not a blacklist. As for operational use of a
whitelist as a blacklist, see my mention of Habeas below.

There can certainly be DNSBLs designed to make some mail more likely
to be accepted, and other mail less likely.  There are certainly
DNSBLs with information that some sites use to accept more, and
others use to reject more (e.g. country-code).

There are DNSBLs that exist to prove a point, and the intent of the
lister is not to have any sort of usage (nofalsenegatives,
nofalsepositives, noprimes).

And yet, those lists still get significant usage. Up to and including
blocking mail if an IP address is listed on them. That the operator[1]
of those lists is listing an IP address due to some inner aesthetic
rather than any relationship to mail emitted from those IP addresses[2]
does not affect the fact that it is the combination of the listing in the
blacklist and that there is at least one mailbox provider using the
blacklist to filter mail that will cause the mail to be blocked.

There are going to be edge cases, certainly. Perhaps there's a DNSBL
that the operator doesn't intend to be used to affect mail delivery, and
isn't aware that it is being used to affect mail delivery (such as opm in its
first few days, perhaps)? That operator is not aware that they're running
a DNSBL, so they're out of scope for this document (if they're not aware
that they're running a DNSBL then they're not going to be affected by
a BCP for DNSBLs). Perhaps there's something that looks like a DNSBL
on a technical level, but it's not intended to be used as one, has millions
of users for its real purpose and that a couple of people misuse it as a
DNSBL isn't going to change the behaviour of the operator (in-addr.arpa
and the Habeas whitelist would be two examples there). Again, though,
if the operator does not believe they're running a DNSBL, they're out of
scope for a DNSBL BCP.

We're talking about common practice, as well as best practice, remember.

Cheers,
   Steve

[1] That I'm the operator for two of the lists you mention means I've
thought about this.

[2] The same is true of some non-abstract lists too.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
