ietf
[Top] [All Lists]

draft-dnsbl-harmful-01

2005-12-05 05:43:24

Is there a proper place to discuss

http://www.ietf.org/internet-drafts/draft-church-dnsbl-harmful-o1.txt ?

There has been some discussion of the draft in the ASRG list, but no one
their seems to be aware of the most appropriate venue for such discussion,
nor does a visit to the IETF website.

While the author does a good job of listing the negative aspects of domain
name based blacklists, he omits the advantages. A balanced discussion
would accept that for several reasons DNSBLs are the best available spam
suppression technique.

The first advantage of DNBLs I want to mention is a private benefit for
the mail transfer operator, his users, and their corespondents. 

The typical mailserver using DNSBLs for spam suppression REJECTS suspected
bad mail, while a typical content based scanner DISCARDS suspected spam,
or leaves it in a spam folder. In the case of a false positive This is a
significant advantage to the DNSBL, because the actual sender will get a
notice of refusal from the DNSBL based system, but no notice at all of the
discard from the content based system. A user or MTA operator might place
much greater weight on lost mail than rejected mail, as lost mail may be
the source of ill feeling, while rejected mail is merely an inconvenience.  

The second advantage I want to mention is the public benefit to all email
users when MTA operators administer their sites to discourage the output
of spam. In the present legal environment, the existence of DNSBLs is the
primary motivation for such efforts. Without DNSBLs, many large ISPs and
hosting companies would lose interest completely in suppressing spam
spewage from their MTAs and IP addresses. With the resulting increase is
spam messages, content analysis would become increasing difficult.

Without consideration of the advantages of the DNSBL, the author has come
to a foregone conclusion. An IETF document deprecating a superior solution
is unfortunate.

I am aware that some content based scanners are able to reject mail, and
that some MTAs using DNSBLs discard mail, but both situations are unusual,
and the former is technically difficult. In any case, placing suspected
spam in a spam folder seems like more of a way to avoid legal liability
than to improve the user experience.

I am aware that some MTA operators are frustrated by their inability to
get off certain DNSBLs, and I do not have a cost free solution. I have
referred such operators in the past to my page at 

http://www.nber.org/sys-admin/smarthost.html

which suggests that they obtain mail relay service from an operator of an 
unlisted MTA and provides some sources. 

I have done some original research on the effectiveness of DNSBLs which is
posted at

http://www.nber.org/sys-admin/dnsbl-comparison.html

however, the quantitative results are less important here than the
qualitative difference between rejected and lost mail, and the possibility
that ISPs would no longer see any advantage to policing spam originating
in there systems.

Thank you for this opportunity to comment.

Daniel Feenberg
National Bureau of Economic Research
1050 Mass Ave
Cambridge MA 02138
617-588-0343
feenberg at nber dotte org



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>