spf-discuss

RE: reputation systems and RHSBLs

2004-06-13 16:19:49
From: Meng Weng Wong
Sent: Sunday, June 13, 2004 1:00 PM



<...>

We can use a shell organization, invitation only, to funnel
well-respected reputation systems through.

Only the distribution and lookup parts have to be open; the
data generation part can be relatively closed to a trusted
group.

That's the way the successful DNSBLs generally operate.  FWIW, for a DNSBL
to be successful, regardless of whether it is RHS or IP based, you need to
have a few things.  One or two exceptional lists have avoided some of these,
but in general, many lists that don't have these have died:

transparency
------------
the listing and delisting policies must be published; it is permissible to
say that listings are generated by a trusted network of sysadmins (i.e.
SpamHaus) and we don't accept third-party nominations, but you have to say
so to be credible;  not having a delisting policy, i.e. a list you can't get
off (Seward), is not a good idea, so the delisting policy should be explicit
and detailed

evidence-based
--------------
no matter how you generate your listings, you have to maintain evidence of
spamming activity;  ideally, this should be freely available for query,
though not by automatic means; user addresses should be carefully munged;
unfortunately, randomized codes that identify users are nearly impossible to
identify

non-retaliatory
---------------
listings can't occur for arbitrary or personal reasons; similarly, they
can't occur because someone doesn't like the way a domain is managed; this
can't be personal: either there is evidence or there isn't a listing;
delisting has to work the same way for everyone, no matter how much you hate
them

sufficient bandwidth/geographic redundancy
------------------------------------------
successful DNSBLs will be DoS'd; it comes with the territory, and you have
to be able to operate during a major attack; you also need enough bandwidth
to continue the several-times-a-day zone transfers to large mailers and
friendly mirrors while answering individual queries from smaller systems
without timing out

legal resources
---------------
most successful DNSBLs get sued at some point; the suits are all losers,
but if you don't have the legal resources to defend yourself, you have no
choice but to fold the service; unfortunately, several otherwise excellent
lists have died this way

sufficient staff
----------------
whether the staff is volunteer, paid or both, there need to be enough heads
around to deal with the workload; EasyNet in the Netherlands was for years
one of the best on the net, and when it folded this year, we were all
shocked to learn that it was the work of one incredibly dedicated
individual; this guy's karma is set for the next three lifetimes, but that's
not a sustainable way to run a service; I suspect something similar happened
with the Reynolds T1 list in Australia, but I believe it was absorbed by a
larger entity and Mark continues his fine work there

One way to deal with all this is to contact some established list
maintainers i.e. SORBS, DSBL, and see if they are interested in expanding
their RHS offerings.  Hope this was helpful.

--

Seth Goodman