[Asrg] New Version Notification for draft-irtf-asrg-dnsbl-07

Bill Cole asrg3 at billmail.scconsult.com
Wed Oct 15 14:33:16 PDT 2008


At 12:24 PM -0700 10/15/08, Franck Martin  imposed structure on a 
stream of electrons, yielding:
>I'm not requesting for a root.
>
>I'm just highlighting the first post in the thread which is to make 
>clear in the draft there is no root.
>
>Sorry also I'm catching up on the spec (yes I know I should read the 
>archives).
>
>A few questions:
>-DNSBL usually return an A record where the value may indicate a 
>status. Should this draft try to codify some answers? For instance a 
>particular answer would mean DNSBL is shutdown
>-Should a listing in DNSBL generate an email to the listed to 
>inform them of their new status. As stated in the document (3.4) 
>many mail servers logs are not well watched, and it may take a while 
>to recognise a listing has been added.

These would both be policy issues, and so belong in 
http://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-04 instead, 
if anywhere.

There is some muddled discussion of your first question in Section 
3.3 of that document. Ideas have been tossed around here about what 
should go there, so you may get something out of the list archives. I 
bet Chris & Matt would welcome a reworking of that section, but I 
don't think it is possible at this time to codify much of anything 
beyond what is there already. That boils down to:

1. The IPs returned for a listed address should be in 127/8
2. Lack of an entry for 127.0.0.2 should be considered as an 
indication that a list is dead.
3. An entry for 127.0.0.1 should be considered as an indication that 
a list is dead.
4. For lists that use different IP results for listings to signify 
different things, the meanings should be documented and should be 
similar within a common zone.

I am fairly sure that there has been discussion of listing 
notification policies here in the past. I know that the issue has 
been discussed at great length and vehemence in other places, 
including some like NANOG and the news.admin.net-abuse.* Usenet 
groups that have public archives. My view is that there can be no 
valid blanket recommendation about notifications of listings. This is 
because of the different natures of DNSBLs and because even while 
the principle of alerting listees might fit some lists in theory, in 
practice there is more risk of harm from trying to notify than not. I 
don't think that is too far from the general slant of discussions 
here. Notifications make sense primarily from the viewpoint of people 
who have had IPs listed that send some legitimate mail, but from the 
broader view of all DNSBLs and all listings, those are exceptionally 
uncommon cases. Historically, when unsecured SMTP relays were larger 
contributors to the spam problem and there was a plausible chance 
that mail to postmaster@<listed open relay> would reach a reasonably 
competent human, notifications for those lists that focused on open 
relays made some sense. With no major DNSBL currently specializing in 
that increasingly insignificant niche and mixed sources being 
increasingly the fiefdoms of intentionally inattentive fools, it 
makes less and less sense to ask DNSBL operators to try to engage 
attention with every listing.


-- 
Bill Cole                                  
bill at scconsult.com
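The four conventions in the numbered list above (results in 127/8, 127.0.0.2 present as the "list is alive" test entry, 127.0.0.1 absent, per-code meanings documented by the operator) are what a DNSBL client has to implement. The following is an added example, not code from the post or from either ASRG draft. It takes item 3 to mean that a query for 127.0.0.1 must return no answer (an answer there is the signature of a wildcard, i.e. an expired or hijacked zone that would list the whole Internet). The zone names, records and code meanings are constructed so the script runs offline against an in-memory resolver; `system_resolver` shows where a real lookup would plug in.

```python
"""DNSBL client sketch for the result conventions discussed above.
Added example, not from the ASRG draft or the post; the zone names,
records and code meanings below are constructed for illustration."""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

# A resolver maps a query name to the A records it returns
# (an empty list stands for NXDOMAIN / no answer).
Resolver = Callable[[str], List[str]]

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the dotted quad and append the DNSBL zone, e.g.
    203.0.0.10 under live.example -> 10.0.0.203.live.example."""
    addr = ipaddress.IPv4Address(ip)          # rejects malformed input early
    rev = ".".join(reversed(str(addr).split(".")))
    return f"{rev}.{zone.rstrip('.')}."


def list_is_alive(zone: str, resolve: Resolver) -> bool:
    """Items 2 and 3 of the list: 127.0.0.2 must be listed, and
    127.0.0.1 must not be (an answer there means a wildcard, so the
    zone is dead or hijacked and would list everything)."""
    canary = resolve(dnsbl_query_name("127.0.0.2", zone))
    never = resolve(dnsbl_query_name("127.0.0.1", zone))
    return bool(canary) and not never


def lookup(ip: str, zone: str, resolve: Resolver,
           meanings: Optional[Dict[str, str]] = None) -> dict:
    """Query one address (items 1 and 4). Only answers inside 127/8 count
    as listing codes; anything else is reported under 'ignored'."""
    answers = resolve(dnsbl_query_name(ip, zone))
    codes = [a for a in answers if ipaddress.IPv4Address(a) in LOOPBACK]
    ignored = [a for a in answers if a not in codes]
    table = meanings or {}
    reasons = [table.get(c, "listed, undocumented code") for c in codes]
    return {"listed": bool(codes), "codes": codes,
            "reasons": reasons, "ignored": ignored}


def check(ip: str, zone: str, resolve: Resolver,
          meanings: Optional[Dict[str, str]] = None) -> dict:
    """Full client step: refuse to act on a dead list, otherwise look ip up."""
    if not list_is_alive(zone, resolve):
        return {"alive": False, "listed": False, "codes": [],
                "reasons": [], "ignored": []}
    return {"alive": True, **lookup(ip, zone, resolve, meanings)}


def system_resolver(name: str) -> List[str]:
    """Real resolver hook using the stub resolver; not used by the demo below."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


# ---- constructed data (not real DNSBLs) ------------------------------------
CONSTRUCTED_RECORDS: Dict[str, List[str]] = {
    # live.example: follows the conventions; 127.0.0.2 listed, 127.0.0.1 not
    "2.0.0.127.live.example.": ["127.0.0.2"],
    "10.0.0.203.live.example.": ["127.0.0.2", "127.0.0.3"],
    "5.0.0.198.live.example.": ["10.1.2.3"],      # bogus answer outside 127/8
    # dead.example: wildcard zone answering everything with 127.0.0.1
    "2.0.0.127.dead.example.": ["127.0.0.1"],
    "1.0.0.127.dead.example.": ["127.0.0.1"],
    # gone.example: no records at all, so the 127.0.0.2 test entry is missing
}
CONSTRUCTED_MEANINGS = {"127.0.0.2": "spam source", "127.0.0.3": "open proxy"}


def fake_resolver(records: Dict[str, List[str]]) -> Resolver:
    def resolve(name: str) -> List[str]:
        return list(records.get(name, []))
    return resolve


if __name__ == "__main__":
    resolve = fake_resolver(CONSTRUCTED_RECORDS)
    for zone in ("live.example", "dead.example", "gone.example"):
        print(zone, "alive:", list_is_alive(zone, resolve))
    print(check("203.0.0.10", "live.example", resolve, CONSTRUCTED_MEANINGS))
    print(check("198.0.0.5", "live.example", resolve, CONSTRUCTED_MEANINGS))
```

The point of `check` is that a client never consults a zone it has not first confirmed alive: a parked or expired DNSBL domain with a wildcard A record would otherwise turn every lookup into a hit. Answers outside 127/8 are deliberately not treated as listings for the same reason.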