On Mon, Nov 10, 2008 at 05:12:56PM +0000, Steve Linford wrote: > I certainly agree that there are hundreds of small DNSBLs run from kid's > bedrooms which list on incomprehensible wildly over-broad policies and > that such DNSBLs are both antagonistic and useless and as a result are > used by almost nobody - that's 'market force'. But to pretend that the > dozen major DNSBLs make listings based on "unauthenticated rumor" or > "because the IP did not have 'mail.' or 'mx.'" is just silly mud-slinging > itself based on equally "unauthenticated rumor" and is especially odd if > it's coming from within IETF itself. Let me get this straight. It's OK to block e-mail messages on the basis of unauthenticated rumors, but now you are complaining that it's somehow dirty pool to block a standard based on the same thing? After all, it's the same argument; there's a lot of evil e-mail messages out there; the cost of letting even one of those messages through is unacceptable, so false positives are OK. Similarly, there are a lot of bad ideas out there, many of which have folks clamoring to have them be standardized, just as spammers hope to get people to visit their spamvertised web sites. And in both cases, it's "just business".... I have no problem with the IETF documenting the world as it exists. That's what an informational track RFC does. There's a process by which a specification gets annointed to become a standard, and others more eloquent than I have already pointed out the dangers of trying to skip steps in the standardization process. Questions like, "so how does this work in the face of the expanded IPv6 address space", ideally should be addressed earlier during the standardization process, and not in last call (where, "oh well, we'll just block the whole /48 or /32" might have unfortunate side effects not forseen yet) --- but which don't make sense if the goal is to document existing practice. > The fact some DNSBLs are in widespread use (I can speak only for > Spamhaus, our DNSBLs are today used by something in the region of 2/3 of > internet networks) is good reason why it's important to publish a > standard and format for the technology. There's a big difference between "use" and "Use". If a spamassassin configuration (by default) uses a DNSBL to add a point or a fraction of a point to a spam score, where it might take a spam score of 10-15 before spam is dropped, that's a very different usage model than someone who, on the unsubstatiated word of SORBS or APEWS, drops the e-mail on the floor where it is never seen again. And for those who would argue that it's not their problem how the DNSBL is used, since after all that's the responsibility of the folks using the DNSBL, I'm reminded of the line from the Tom Lehrer song: "Vonce the rockets go up, who cares vhere they come down? It's not my department, says Verner von Brown." - Ted _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf