[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

7. Best Practices (was RE: [Asrg] Trustic anti-spam system closes down because it doesn 't work)

To: <bob@wyman.us>, "'Margie'" <margie@mail-abuse.org>, <asrg@ietf.org>
Subject: 7. Best Practices (was RE: [Asrg] Trustic anti-spam system closes down because it doesn 't work)
From: Yakov Shafranovich <research@solidmatrix.com>
Date: Wed, 06 Aug 2003 14:03:13 -0400
Cc: "Hallam-Baker, Phillip" <pbaker@verisign.com>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

At 12:52 PM 8/6/2003, Bob Wyman wrote:

Margie Arbon wrote:
.......
> IMO, there is as much, if not more, danger in "censoring" mail
> with contect filters - particularly the "black box" types.
        You are, of course, correct. As you acknowledge, there is a
danger that DNSBLs will be used to "censor" traffic on the net -- one
may argue whether this danger is greater or less than the danger of
censorship that is presented by content filters, nonetheless, it is
important to acknowledge that the danger exists. Just as the dangers of
content filters have been discussed in this group, it is appropriate
that we should discuss the danger of censorship that can come from
DNSBLS.

This danger would apply to many other anti-spam technologies. It seems that this more of a policy issue with specific parties operating the DNSBLs and other tools, rather than a technical one. The various issues of how a specific tool operates, how its data is collected, whether its operations are audited, etc. are very important and should mentioned in a BCP for anti-spam tool developers.

Within a consent framework, the individual administrator or developer would choose which sources of information to rely on. While the dangers of using incorrect information apply, it is really the fault of the individual administrators or developers who choose to rely on unaudited or incorrect data coming from anti-spam tools. No one forces administrators today to use specific DNSBLs, they choose to do so themselves. The issues of choosing a reliable source of information is something to be mentioned in a BCP for mail administrators.

In any case, anti-spam tools and proposals including DNSBLs must be accurate as stated in the requirements document (http://www.irtf.org/asrg/draft-irtf-asrg-requirements-xx-01.txt):

----------------snip---------------
2.9 Doesn't Interfere With The Delivery Of Legitimate Mail

The proposal MUST consider, address and keep at a minimum impacts on [legitimate] messaging traffic within the MTS.

2.9.1 Rationale:

Proposals must consider the reasons for successful widespread deployment of the current MTS: low latency, high deliverability, scalability, functionality for multiple content types, etc. Authors should develop proposals that minimize impact in these critical areas for [legitimate] MTS uses. Thus a successful proposal will impact only [spam] and not [legitimate] messaging traffic.
------------snip----------

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Prev by Date: RE: [Asrg] Trustic anti-spam system closes down because it doesn 't work
Next by Date: 7. Best Practices for blacklists (was RE: [Asrg] Trustic anti-spam system closes down because it doesn 't work)
Previous by thread: RE: [Asrg] Trustic anti-spam system closes down because it doesn 't work
Next by thread: 7. Best Practices for blacklists (was RE: [Asrg] Trustic anti-spam system closes down because it doesn 't work)
Index(es):
- Date
- Thread