On Fri, Apr 04, 2008 at 10:43:51PM -0400, Chris Lewis wrote:
Personally, I think that collateral damage is a reasonable term, and
all of the dnsbls don't block mail weasel wording is counterproductive,
since we're talking about policy, not code.
Collateral damage is a loaded term, and carries a lot of baggage from
outside of the Internet. I think we have to both mention it (so that
some people know what we're talking about), but at the same time try to
partially neutralize the extraneous knee-jerk reaction.
Let me add two other things to this that haven't come up before.
1. "Collateral damage" is a Vietnam war-era euphemism for unintended damage
during a military operation. I'm guessing that's the baggage you might have
been referring to. DNSBL listings or their usage are incapable of causing any
damage: they don't conduct DoS attacks, for example.
2. [Most] DNSBL listings larger than a single IP don't have "collateral"
effects.
Here's what I mean: suppose spam is received from 1.2.3.42. Suppose a
DNSBL operator queries the network owner and find that 1.2.3.0/24 is owned
by Foo Networks, and decides to list all of it. This affects (obviously)
whoever is at 1.2.3.43. But is it a collateral effect? No. Whoever is
at 1.2.3.43 is not the subject of the listing: Foo Networks is. There's
nothing unintentional about it, there's nothing misdirected about it, it's
not an escalation, it's just an implementation of a particular hypothetical
DNSBL policy which says "if we receive spam from your network, we will list
all of it". There's nothing wrong or right with that policy: it's just one
choice among many.
Now if (in this example) the DNSBL operator made a typographical error (thus
bringing into play the "unintentional" factor) and listed 1.2.3.0/23 instead
of 1.2.3.0/24 (thus bringing into play the concept of effects extending beyond
the bounds they were intended to) then THAT would be a collateral effect.
It's still not damage of course, but it would at least qualify as "collateral"
in this particular sense of the term.
---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg