Re: IP-based reputation services vs. DNSBL (long)

From: TS Glassey <tglassey at earthlink.net>
To: Matthias Leisi <matthias at leisi.net>
Cc: IETF <ietf at ietf.org>
Date: Tue, 11 Nov 2008 10:42:04 -0800
In-reply-to: <4919CB7C.3070604 at leisi.net>
References: <49172BCE.2000705 at network-heretics.com> <alpine.LSU.2.00.0811111711310.14367 at hermes-1.csi.cam.ac.uk> <4919C264.4000209 at network-heretics.com> <4919C6FA.909 at earthlink.net> <4919CB7C.3070604 at leisi.net>

Matthias

Any DNS BL Listing process where those listings are based on complaintswould create this.

The issue is that if SPAM HEADERS can have the source addresses forgedthen the DNS Blocking systems which were listed in those forged headersneed to take that into account. So far as I can tell they dont.


Todd Glassey

Matthias Leisi wrote:

TS Glassey schrieb:

4. effects of DNS caching.  if a host is removed from a blacklist it
should arguably be removed from all caches instantly, but DNS isn't

designed to facilitate that.

The use of the term "SHOULD" here has legal implications - since many of
these hosts were put into the BL's by Address Spoofing they were in fact
NOT where the offensive SPAM was coming from and so placing those hosts
there when the real issue is the refusal of the EMAIL Admin to do proper
Header Filtration and Validation creates a direct liability.


I'm sorry to jump in once more. The paragraph above is simply incorrect.
A DNSBL that would be fooled by "address spoofing" would not provide
much value. What do you mean by "address spoofing"? Falsified "From:"
lines?

-- Matthias
------------------------------------------------------------------------


No virus found in this incoming message.

Checked by AVG - http://www.avg.comVersion: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 11/10/2008 7:53 AM

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: IP-based reputation services vs. DNSBL (long)
  - From: Chris Lewis

References:
- IP-based reputation services vs. DNSBL (long)
  - From: Keith Moore
- Re: IP-based reputation services vs. DNSBL (long)
  - From: Tony Finch
- Re: IP-based reputation services vs. DNSBL (long)
  - From: Keith Moore
- Re: IP-based reputation services vs. DNSBL (long)
  - From: TS Glassey
- Re: IP-based reputation services vs. DNSBL (long)
  - From: Matthias Leisi

Prev by Date: Re: IP-based reputation services vs. DNSBL (long)
Next by Date: IPv6 traffic stats (was: Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists))
Previous by thread: Re: IP-based reputation services vs. DNSBL (long)
Next by thread: Re: IP-based reputation services vs. DNSBL (long)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: IP-based reputation services vs. DNSBL (long)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.