Hi. All of these questions have come up before on the various lists where this draft was developed, but I suppose it's worth going through them again.

>On the other hand, I have a few questions: the first one, why
>"Proposed standard"? Is it really a good idea to standardize these
>lists (most being badly managed)? Why not just "Informational" if we
>just want to document what people are doing?

The description of IPv4 DNSBLs/DNSWLs and most of the description of domain DNSBLs document existing practice. There aren't any v6 DNSBLs yet, other than for testing, but there certainly will be, and my hope here is to preemptively nail down the bits that are arbitrary choices, e.g., the test addresses, so that software that uses v6 DNSBLs will continue to interoperate, and DNSBL users continue to be able to select the most effective lists by changing lines in a config file rather than reprogramming. Hence proposed standard.

>Second question, the document indeed standardizes many things which
>are not in common use but does not point towards a rationale, so some
>choices are puzzling. Why TXT records to point to an URL and not
>NAPTR?

That's what nearly all DNSBLs do now. As the draft says in section 2.1, the contents of the TXT are useful to put into a 5xx SMTP rejection message or the report from a scoring spam filter.

> Is this because of current usage in DNSxL? If so, this should be
> noted. But why IPv6 lists use a A record and not a AAAA?

Because the value isn't an address, it's a 32 bit value typically interpreted as bitfields, which happens to be most easily transmitted in an A record. I've rewritten that part of the doc a few times trying to make that clear, but I'd be happy to accept language which makes it clearer.

Incidentally, although it may still be the conventional wisdom in the IETF that DNSBLs don't work and aren't useful, in the outside world where 95% or more of mail is spam, they're essential tools to run a mail server.
Although there are indeed lots of stupid DNSBLs, those aren't the ones that people use, and there are widely used ones that have vanishingly low false positive rates that let you knock out most of the spam cheaply so you can afford to do more expensive filtering on what's left. Spamhaus estimates, based on the systems that pay for their data feeds, that there are about 1.4 billion mailboxes whose mail is filtered using their lists, and they're the biggest but hardly the only popular high quality DNSBL. It's pretty clear that there are a lot more mail systems that do use DNSBLs than don't.

R's,
John

PS: I noticed a buglet -- in section 5 it says that the apex of a DNSxL zone may have an A record that points to a web server that contains explanatory material. It should of course say A and/or AAAA record.
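The two technical points in the message above, that a DNSBL answer is a 32-bit value read as bitfields rather than an address, and that the TXT record is what goes into the 5xx rejection, are easier to see in code. The following is an added example, not code from the message or from the draft. It assumes the query-name convention and test addresses of the published RFC 5782 (IPv4 octets reversed, IPv6 expanded to 32 hex digits and reversed nibble by nibble, 127.0.0.2 and ::FFFF:7F00:2 always listed, 127.0.0.1 and ::FFFF:7F00:1 never listed); the zone name `dnsbl.example`, the sublist bit meanings and the in-memory records are constructed so the example runs offline.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical zone name used throughout this example


def query_name(ip: str, zone: str = ZONE) -> str:
    """Build the DNS name a mail server looks up for an address in a DNSxL zone.

    Assumed convention (from the published RFC 5782, not stated in the message):
    IPv4 addresses are reversed octet by octet; IPv6 addresses are expanded to
    32 hex digits and reversed nibble by nibble, one label per nibble.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


# Constructed sublist meanings for this example: the low octet of the returned
# A record is a bitfield, one bit per sublist.  These names are made up.
SUBLIST_BITS = {1: "spam source", 2: "policy listing"}

# Constructed stand-in for DNS responses so the example runs offline.
# Keys are the names a mail server would query; values are (A record, TXT record).
RECORDS = {
    # 127.0.0.2 is assumed to be the RFC 5782 "always listed" IPv4 test address
    query_name("127.0.0.2"): ("127.0.0.3", "listed, see http://dnsbl.example/lookup?ip=127.0.0.2"),
    # ::FFFF:7F00:2 is assumed to be the corresponding IPv6 test address
    query_name("::FFFF:7F00:2"): ("127.0.0.2", "listed, see http://dnsbl.example/lookup?ip=::ffff:7f00:2"),
}


def decode_a_value(a_value: str) -> set[str]:
    """Interpret the A record as a 32-bit integer whose low octet is a bitfield.

    The record is not an address to connect to; it is just the easiest way to
    carry a 32-bit value, which is why an IPv6 list also answers with A records.
    """
    value = int(ipaddress.IPv4Address(a_value))
    if value >> 8 != 0x7F0000:
        raise ValueError(f"unexpected DNSxL answer {a_value}; expected 127.0.0.x")
    low = value & 0xFF
    return {name for bit, name in SUBLIST_BITS.items() if low & bit}


def lookup(ip: str, records: dict = RECORDS):
    """Return None when the address is not listed (NXDOMAIN in real DNS);
    otherwise the decoded sublists plus the TXT text suitable for a 5xx reply."""
    rrset = records.get(query_name(ip))
    if rrset is None:
        return None
    a_value, txt = rrset
    return {"sublists": decode_a_value(a_value), "txt": txt}


def self_test(records: dict = RECORDS) -> bool:
    """Check the list behaves like the assumed RFC 5782 test addresses:
    127.0.0.2 / ::FFFF:7F00:2 listed, 127.0.0.1 / ::FFFF:7F00:1 not listed.
    A mail server can run this at startup to detect a dead or wildcarded list."""
    return (lookup("127.0.0.2", records) is not None
            and lookup("::FFFF:7F00:2", records) is not None
            and lookup("127.0.0.1", records) is None
            and lookup("::FFFF:7F00:1", records) is None)


if __name__ == "__main__":
    for ip in ("127.0.0.2", "127.0.0.1", "::FFFF:7F00:2"):
        print(ip, "->", query_name(ip), lookup(ip))
    print("self test:", self_test())
```

Against a real list, `RECORDS` would be replaced by an A and TXT query for the name `query_name` produces, and the self test is the check worth running before trusting any list: a list whose test address stops resolving, or whose never-listed address starts resolving, should be dropped from the config rather than left to reject or accept all mail.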