
Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)

2008-11-11 09:39:44
On Mon, Nov 10, 2008 at 05:12:56PM +0000, Steve Linford wrote:
> I certainly agree that there are hundreds of small DNSBLs run from kids'
> bedrooms which list on incomprehensible wildly over-broad policies and
> that such DNSBLs are both antagonistic and useless and as a result are
> used by almost nobody - that's 'market force'. But to pretend that the
> dozen major DNSBLs make listings based on "unauthenticated rumor" or
> "because the IP did not have 'mail.' or 'mx.'" is just silly mud-slinging
> itself based on equally "unauthenticated rumor" and is especially odd if
> it's coming from within IETF itself.

Let me get this straight.  It's OK to block e-mail messages on the
basis of unauthenticated rumors, but now you are complaining that it's
somehow dirty pool to block a standard based on the same thing?  After
all, it's the same argument; there's a lot of evil e-mail messages out
there; the cost of letting even one of those messages through is
unacceptable, so false positives are OK.  Similarly, there are a lot
of bad ideas out there, many of which have folks clamoring to have
them be standardized, just as spammers hope to get people to visit
their spamvertised web sites.  And in both cases, it's "just
business"....

I have no problem with the IETF documenting the world as it exists.
That's what an informational track RFC does.  There's a process by
which a specification gets anointed to become a standard, and others
more eloquent than I have already pointed out the dangers of trying to
skip steps in the standardization process.

Questions like, "so how does this work in the face of the expanded
IPv6 address space", ideally should be addressed earlier during the
standardization process, and not in last call (where, "oh well, we'll
just block the whole /48 or /32" might have unfortunate side effects
not foreseen yet) --- but which don't make sense if the goal is to
document existing practice.

> The fact some DNSBLs are in widespread use (I can speak only for
> Spamhaus, our DNSBLs are today used by something in the region of 2/3 of
> internet networks) is good reason why it's important to publish a
> standard and format for the technology.

There's a big difference between "use" and "Use".  If a spamassassin
configuration (by default) uses a DNSBL to add a point or a fraction
of a point to a spam score, where it might take a spam score of 10-15
before spam is dropped, that's a very different usage model than
someone who, on the unsubstantiated word of SORBS or APEWS, drops the
e-mail on the floor where it is never seen again.

And for those who would argue that it's not their problem how the
DNSBL is used, since after all that's the responsibility of the folks
using the DNSBL, I'm reminded of the line from the Tom Lehrer song:

        "Vonce the rockets go up, 
         who cares vhere
         they come down?
         It's not my department,
         says Verner von Brown."


                                                - Ted
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
