[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] 7. Best Practices - DNSBLs

Subject: Re: [Asrg] 7. Best Practices - DNSBLs
From: "Chris Lewis" <clewis@nortelnetworks.com>
Date: Wed, 13 Aug 2003 17:30:28 -0400
Cc: Asrg@ietf.org
In-reply-to: <a06001204bb604fb721ac@[10.0.1.4]>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <3F3A9897.6010307@americasm01.nt.com> <a06001204bb604fb721ac@[10.0.1.4]>
Sender: asrg-admin@ietf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Brad Knowles wrote:

At 3:59 PM -0400 2003/08/13, Chris Lewis wrote:
 =head2 Listings should be temporary

 Listings should all be temporary (suggested default listing period:
 24 hours L</Footnote1>) so that if your blacklist doesn't get around
 to removing the entry then it times out at some point in the future.
Fine, but if the entry is removed and then you discover reason to put it back again (maybe because of a re-scan, or whatever), then the next timeout should be longer.

I'd recommend something like a bounded exponential backoff.

A bit further down:

=head2 Removals must be prompt

The preferred way of doing this is I<removal without question>. This allows people to ask and get their IP address removed immediately, but does not prevent the blacklist owner re-listing their IP address at a later time (subject to seeing more spam, or re-checking the IP address security). A re-listing due to a false removal request may result in a longer timeout (i.e. a penalty).

Covers that. Agree tho, should mention "bounded exponential backoff". I've fudged the original a bit.

Moreover, I think I'd probably move someone from the "confirmed" list to the "probationary" list immediately, then investigate their claims of being cleaned up. They might have to stay on the probationary list for a while before I'd be willing to let them off completely. If they ever came back, they'd stay on the main list a lot longer, have to stay on the probationary list a lot longer the next time they claim to be cleaned-up, etc...

We prefer an instant removal and relist upon subsequent re-detection or re-test. Tho, a delay algorithm on removal (initially zero) is reasonable.

Other than that, it seems to be reasonable. I look forward to seeing an expanded version that details tools and methods that can be used to run a real-world black list.

I don't think BCPs should get too specific about methods/tools - especially because they're often obsoleted quickly. It's important to get the principles laid out.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] 7. Best Practices - DNSBLs
  - From: Brad Knowles

References:
- Re: [Asrg] 7. Best Practices - DNSBLs
  - From: Chris Lewis
- Re: [Asrg] 7. Best Practices - DNSBLs
  - From: Brad Knowles

Prev by Date: Re: [Asrg] 7. Best Practices - DNSBLs
Next by Date: Re: [Asrg] 7. Best Practices - DNSBLs - Article
Previous by thread: Re: [Asrg] 7. Best Practices - DNSBLs
Next by thread: Re: [Asrg] 7. Best Practices - DNSBLs
Index(es):
- Date
- Thread