[Asrg] DNSBL BCP v.2.0

Christian Rossow rossow at internet-sicherheit.de
Tue Jun 19 08:30:11 EDT 2007


Dear Nick & Co.,

Thank you for publishing this very nice DNSBL BCP draft! I personally,
still being a student, learned a lot from this paper and want to
share some of my thoughts.

> or flawed formmail scripts on web pages. Additional DNSBLs were
> developed by others in order to address these changing tactics, and
> today more than 700 DNSBLs are in operation.
I don't mistrust you, but I am very interested in the source of this
figure of 700 :)

> When choosing to adopt a DNSBL, an administrator should keep the
> following questions in mind:
> 1.  What is the intended use of the list?
> 2.  Does the list have a web site?
> 3.  Are the list's policies stated on the web site?
> 4.  Are the policies stated clearly and understandably?
> 5.  Are web pages for removal requirements accessible and
>     functioning properly?
> 6.  How long has the list been in operation?
> 7.  What are the demographics and quantity of the list's user base?
> 8.  Are comparative evaluations of the list available?
> 9.  What do your peers or members of the Internet community say
>     about the list.
Personally I would add the following:
- How much does the usage of the list cost?
- How can I access the list (DNS, rsync, HTTP, ..)?

> Most DNSBLs can effectively use a "no questions asked" removal
> policy because by their very nature they will redetect or relist
> problems almost immediately.  They can mitigate more organized
> attempts to "game" the system by elementary checking and rate-
> limiting procedures, increasing lockout periods, rescans etc.
> Furthermore, a few IP addresses more or less do not make a
> significant difference in the overall effectiveness of a DNSBL.
> Moreover, a "no questions asked" removal policy provides the
> huge benefit of a swift reaction to incorrect listings.
What about when we talk about removing entire net ranges, e.g. a /8
network? IMHO it's dangerous to simply remove such an entry from
the list. On the other hand it should not only be possible to
remove single IP addresses, since some/most providers use MTAs
from at least /24 blocks to spread their mails.

> the DNSBL.  There SHOULD NOT be any extra rules for de-listing
> other than the ones listed in the published listing criteria.
Does this imply that removing SHOULD be cost-free?

> Removals SHOULD be possible in the absence of the list admin.
Why is this not a MUST? An absence will harm the list and of
course its users in a very bad way.

> 3.2. Cessation of List Operations MUST Be Done in a Graceful Fashion.
I suggest adding that list administrators SHOULD publish it (website,
newsletter, common mailing lists etc.) in time before going down.

Finally, I feel the need to mention a news service in the form of
a newsletter or a mailing list. Some DNSxLs (e.g. ahbl.org) offer
such services, which guarantee that a user of these DNSxLs is up to date.
I prefer this way of notification rather than polling websites.

All the best,
/Christian



