Having spent 13 years managing abuse (Spam/Phishing/Botnets) within a large ISP organization, 5 to 6 years in a leadership position of the Messaging Anti-Abuse Working Group and active member of the Canadian National Cyber-Forensics Training Alliance, I can say that DNSxL's are a critical part of most ISP's security infrastructure. Here are my specific thoughts on "http://tools.ietf.org/html/draft-irtf-asrg-dnsbl-07" 1. A large percentage of ISP's, ESP's, Enterprise and Internet Commerce companies have managed to build significant infrastructure that make extensive use of DNSxBL's for E-Mail related Phishing, Scam, Spam and Malicious Transaction Prevention. These practices have been in place for several years without a standard. As new DNSxL's, applications for DNSxL's and IPv6 DNSxL's emerge, however, I believe standardization will become increasingly valuable in helping manage the technology change within ISP's, Enterprise, NGO, Not-for-profit Organizations and vendors. 2. The impact of DNSxL's when applied on Inbound Email Servers is significant with very little collateral damage. A good estimate is that over 70% of all spam email is prevented by the application of DNSxBL's, sparing many service providers millions in hardware that would otherwise be spent processing and storing these messages. In all cases, without this type of implementation, customers' inboxes would be rendered completely useless. 3. When discussing DNSxL's with various carriers, it is clear that careful due-diligence has been applied to ensure that the risk of false positives is minimized. In several cases, the DNSxL is merely used as part of an overall reputation database that helps determine the delivery decision. 4. With the evolution of Internet Threats, ISP's and Enterprise's have deployed DNSxBL's to improve Data Security/Protection, Trust, Reliability and Confidence of Employee's and Customers. They have deployed DNSxL's that protect against phishing, spam, child exploitation and other malicious intended transactions. To this end, several not-for-profit and for-profit organizations/agencies/vendors/governments have been making extensive use of DNSxL's to protect country, city, community and citizens. This document will help foster standardization for those organizations. In summary, Nominum has made commercial investments to enable ISP's to make use of highly scalable DNSxL's within their infrastructure. As an industry stakeholder in the standardization of DNSxL's we welcome and support this document. Thanks for your time, Jonathan Jonathan Curtis Nominum, Inc. 2003 - 2008 Founder and Vice/Chairman of The Messaging Anti-Abuse Working Group _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf