On 10/25/2010 12:16 AM, John R. Levine wrote:
https://datatracker.ietf.org/doc/draft-irtf-asrg-bcp-blacklists/
I wrote the darn thing, and I really don't want to do this, but I think
we have to make a policy item tighter. It's something that's been
percolating for a while but didn't hit my forebrain again until _after_
I submitted this version for publication.
2.2.4. SHOULD Have Similar Criteria for Listing and Delisting
This section, in the original draft long ago and far away, was
originally crafted to more directly target some of the more outre
delisting requirements of some DNSBLs. Eg: the one that required
completely re-inventing the ISP's DNS and management infrastructures.
But more particularly, the ones that demand payment of some kind for
delisting. I think the section title even included the word "extortion"...
I was persuaded at the time to adopt more wishy-washy wording about how
delisting criteria shouldn't be "too far off" the listing criteria -
which adequately covers some of the, er, non-monetary wierdnesses. But
I think we have to be a bit more explicit on the monetary side.
I've always had a strong opinion that spam filtering methodologies must
_not_ be in conflict of interest. Further, they must also _not_appear_
be in conflict of interest.
In more concrete terms, I don't think a DNSBL used for blocking should
ever place itself in a position where they seem to profit from a
particular listing or delisting, regardless of whether they really do.
Think conflict of conflict-of-interest law, and corporate ethics policies.
What I would like to do is add paragraphs much like this to 2.2.4:
-----------
Some DNSBLs used for blocking/negative reputation have had a practise of
requiring fees or donations to charities from the listee for a
delisting. It is generally considered entirely appropriate for a DNSBL
to charge for access to it by its users - the definition of a commercial
DNSBL.
However, the practise of requiring a listee to pay for delisting steers
close to notions of extortion, blackmail or a "protection racket". Even
if such accusations are entirely unjustified the practise causes uproar
and damage to the DNSBLs reputation, if not the entire DNSBL mechanism
as a whole. Colloquially, "it smells bad". Therefore, it is
RECOMMENDED that such DNSBLs do not charge fees or require donations for
delisting, and RECOMMENDED that such DNSBLs that do charge fees or
require donations not be used.
-----------
Comments on the need for the change or the text? "STRONGLY
RECOMMENDED", "SHOULD NOT"? Notice I'm still not using "MUST NOT". It
does denote an opinion on the practise of those DNSBLs (which ones will
be obvious) without an outright ban (as much as a BCP can ban anything).
One simple alteration we could consider would be to remove the ", and
RECOMMENDED ... not be used" section of the last sentence.
Or should I just forget about this?
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg