
Re: [Asrg] New draft draft-irtf-asrg-bcp-blacklists-01.txt



Douglas Otis wrote:
> 
> This was expanded upon in text you deleted by stating not all BLs  
> depend upon full list automation.  Some lists attempt to audit  
> networks and provide notifications to afford opportunities to remedy  
> issues.  Establishing co-operative relationships often involves time.   
> The time expended means such efforts can easily be gamed, especially  
> when de-listing is automatic at set intervals or acted upon  
> automatically from any request.  Keep in mind, some organizations  
> structure their BL services differently.  Some offer BLs run in the  
> manner suggested by the current version of the draft and others do  
> not.  Trend happens to do both.

OK, so let me just clarify this - when you are listing a netblock (and 
communicating with the owner or whatever you do), you NEVER periodically 
re-check that netblock to make sure it hasn't changed hands or gone 
quiet or anything? It's just listed permanently until the heat death of 
the universe?

Or is it temporary after all?

And if you have reason to remove the netblock, do you not do so 
promptly? Are you holding the owner hostage for some particular purpose?

> Justifying a listing and de-listing policy should consider all factors
> involved.  This draft concludes a de-listing interval of 180 days is
> sensible without a basis to support the claim.

You've beaten this drum before, Doug. Please suggest a different figure 
with justification for YOUR figure. The 180 days figure is a maximum 
period which we suggest you list between doing a re-check on your 
listing criteria. It does NOT mean you have to remove the entry after 
180 days, simply that you update the listing within that timeframe as 
IPs do change hands and change purposes.

Despite all of this, these items are SHOULDs so that if your DNSBL 
doesn't meet these criteria it is still ok by the BCP.

> It does not help the cause to have these "SHOULD" statements which, in
> the end, will likely prove highly counterproductive.  While
> automation helps, it is not a complete solution, nor will automation
> ever be.  Automation can and is being gamed.

So build in anti-gaming measures. The freely run DNSBLs do.

Besides, automatic delisting can be implemented with human intervention 
- notify your administrators that a range is about to be delisted and 
should therefore be re-checked for its listing criteria, and the 
expiration date moved back if required.

Matt.
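One way to implement the notify-then-recheck scheme Matt describes, as an added example that is not code from the draft, the thread, or any DNSBL operator. The 14-day notice window, the ISO-date interface and the netblocks used are assumptions for illustration.

```python
from datetime import date, timedelta

# Added example, not from the ASRG draft or the thread: a minimal DNSBL
# listing register implementing "automatic delisting with human
# intervention". Each listing carries a review deadline at most
# MAX_REVIEW_INTERVAL days after its last check. Inside NOTICE_WINDOW of
# that deadline the entry is reported to operators, who re-check the
# listing criteria and push the deadline back. Only entries nobody
# reconfirmed expire; removal for cause is immediate. Dates are ISO strings.

MAX_REVIEW_INTERVAL = 180   # days; the draft's suggested maximum re-check period
NOTICE_WINDOW = 14          # days; assumed value: warn two weeks before expiry


class ListingRegister:
    def __init__(self):
        self.entries = {}   # netblock -> {"reason": str, "review_by": date}

    def add(self, netblock, reason, today, interval=MAX_REVIEW_INTERVAL):
        """List a netblock; the review deadline is capped at 180 days out."""
        days = min(interval, MAX_REVIEW_INTERVAL)
        self.entries[netblock] = {
            "reason": reason,
            "review_by": date.fromisoformat(today) + timedelta(days=days),
        }

    def review_by(self, netblock):
        return self.entries[netblock]["review_by"].isoformat()

    def due_for_review(self, today):
        """Netblocks whose deadline falls inside the notice window: notify, don't delist."""
        now = date.fromisoformat(today)
        return sorted(nb for nb, e in self.entries.items()
                      if now <= e["review_by"] <= now + timedelta(days=NOTICE_WINDOW))

    def reconfirm(self, netblock, today, interval=MAX_REVIEW_INTERVAL):
        """An operator re-checked the criteria: keep the listing, reset the clock."""
        days = min(interval, MAX_REVIEW_INTERVAL)
        self.entries[netblock]["review_by"] = date.fromisoformat(today) + timedelta(days=days)

    def delist(self, netblock):
        """Remove promptly once the listing criteria no longer hold."""
        return self.entries.pop(netblock, None) is not None

    def expire(self, today):
        """Drop only listings whose deadline passed without reconfirmation."""
        now = date.fromisoformat(today)
        expired = sorted(nb for nb, e in self.entries.items() if e["review_by"] < now)
        for nb in expired:
            del self.entries[nb]
        return expired
```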

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www.ietf.org/mailman/listinfo/asrg