ietf-asrg

Re: [Asrg] draft-irtf-asrg-bcp-blacklists draft updated.

2008-06-05 10:35:14
John Levine wrote:
I'm not sure about this: "DNSBL providers SHOULD NOT be held
  accountable in any way for the consequences of use of a DNSBL
  applied in an un-intended way."

I believe that the example the authors had in mind is the Spamhaus
PBL, which lists IPs that shouldn't be emitting mail directly to the
net, but which can legitimately send mail by logging into a SUBMIT
server and relaying through there.  A common config error on MTAs that
are both MX and SUBMIT is to check the PBL before senders have a
chance to log in, with the effect that roaming users can't send mail.

The more significant problem seems to be the destination MTA doing a 
full traverse of the received headers, and blocking legit email relayed 
through another ISP's mail server, because the origin is in the PBL (or some DUL).

PBL is "no direct email".  My scenario is "blocking _indirect_ email". 
Your scenario is "blocking your own users sending properly".  Both of 
them are _not_ what the PBL (or DUL) are supposed to do.

Spamhaus has warnings about this, but, sometimes the users don't or 
refuse to notice.

The CBL has stronger prohibitions about using CBL out-of-scope, but 
seems to realize that sometimes it's not such a bad idea, so if the user 
insists on out-of-scope use (eg: web server, IRC or full received 
traverse), the user must not blame the CBL for the block, and take the 
support hit themselves.

So in any event, the real intent is to say that you can't prevent
idiots from doing idiotic things.  If you can come up with a better
way to say that in standards speak, I'm sure the authors will be happy
to adopt it.

Maybe ;-)  I also do not believe that the "MUST NOT do X under condition 
Y" says anything about "condition !Y".  If we had intended to say 
something about !Y, we would have said it explicitly.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
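
The two out-of-scope uses discussed in this thread (checking the list before senders can log in, and traversing every Received hop), next to an in-scope check, as an added example that is not part of the original messages. The list contents, addresses, sessions and function names are constructed, and a local range lookup stands in for the DNS query.

```python
import ipaddress
import re

# Constructed stand-in for a "no direct mail" policy list (PBL/DUL style),
# using documentation address space. A real check would be a DNS query.
POLICY_LIST = [ipaddress.ip_network("203.0.113.0/24")]

def listed(ip):
    return any(ipaddress.ip_address(ip) in net for net in POLICY_LIST)

def received_ips(headers):
    """Bracketed IPv4 literals from Received: headers, newest hop first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded header lines
    ips = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
    return ips

def out_of_scope(peer_ip, authenticated, headers):
    """Both misuses from the thread: the list is checked at connect time,
    so `authenticated` is never consulted, and on every Received hop."""
    if listed(peer_ip):
        return "reject"
    if any(listed(ip) for ip in received_ips(headers)):
        return "reject"
    return "accept"

def in_scope(peer_ip, authenticated, headers):
    """The list applies only to the connecting IP of an unauthenticated
    session; relayed hops in the headers are never looked up."""
    if authenticated:
        return "accept"
    return "reject" if listed(peer_ip) else "accept"

# Constructed sessions: (peer IP, authenticated?, headers already on the message)
ROAMING = ("203.0.113.25", True, "")
RELAYED = ("198.51.100.10", False,
           "Received: from laptop (unknown [203.0.113.25])\r\n"
           "\tby smtp.isp.example with ESMTPA; Thu, 5 Jun 2008 10:00:00 -0400\r\n")
DIRECT = ("203.0.113.77", False, "")

def compare():
    """Map each session to (out-of-scope verdict, in-scope verdict)."""
    cases = (("roaming", ROAMING), ("relayed", RELAYED), ("direct", DIRECT))
    return {name: (out_of_scope(*s), in_scope(*s)) for name, s in cases}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Only the direct, unauthenticated delivery is rejected by both checks; the roaming user and the relayed message are rejected only by the out-of-scope variant.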