ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"

2008-04-04 14:37:37
from [Steve Atkins] [Permanent Link] 

On Apr 3, 2008, at 7:20 PM, Chris Lewis wrote:

Justin Mason wrote:

SM writes:

At 09:45 03-04-2008, Chris Lewis wrote:

That's two votes for a 127.0.0.2 (as 2.0.0.127.<queryroot>)  
testpoint,
and one for a variety of wierd domain named ones, none of which is
example.com.  In the latter (SURBL), they say that Justin Mason
suggested _not_ using "example.com" (eg: example.com.sc.surbl.org)

For my own curiousity, I'll ask why Justin said example.com was  
bad.

These lists are used to detect URIs appearing in the message
body.  example.com is a domain reserved for examples and can  
appear in ham.


Exactly.


I feel so ... dumb ;-)  127.0.0.2 will have similar problems.  The  
thing
to choose would preferably be something that's not resolveable, and is
unlikely to ever be used in a real link.  SURBL has something like
"this-is-not-likely-to-ever-appear.<queryroot>".  Perhaps the BCP  
should
 simply give suggestions on how to invent a test string rather than
mandating a specific one.  Or punt.


It's the eicar problem.

I think there needs to be a standard test string that can be used for  
liveness
testing. It doesn't need to be a syntactically correct domain, though  
if it
were that would make it easy to use for testing of an entire filtering  
system
as well as life-testing of a blacklist. It does need to be common across
blacklists, though, so that it can be hard-coded in software - so that  
URI
based filters can be given new private or public lists to use, without  
the
software developer needing to be aware of them, and can still do  
liveness
checks, to ensure that dead lists aren't queried.

I'd suggest

   "always-listed.standard-email-filtering-test-domain.com"

The latter leaves the possibility of using things like this ...

   url-in-body.standard-email-filtering-test-domain.com
   from-address.standard-email-filtering-test-domain.com
   helo-string.standard-email-filtering-test-domain.com

... to use as standard test patterns for particular sorts of domain  
based
lists that can be used to test whether an entire filtering system is  
working
correctly. (This would be in addition to list-specific test strings that
allow users to craft domains that will hit SURBL, but not URIBL and
so on, not in place of them).

Cheers,
   Steve

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage", Douglas Otis
Next by Date:  Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage", Matt Sergeant
Previous by Thread:  Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage", Chris Lewis
Next by Thread:  Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage", Matt Sergeant
Indexes:  [Date] [Thread] [Top] [All Lists]