> On Apr 15, 2016, at 2:56 PM, John Leslie <john@xxxxxxx> wrote: > >> If we have from the community negative reports about bad-behaviours >> from any of those DNS-BLs for example. > > Again, how much are you contributing to the costs of what you ask? I’m reminded of a recent discussion on another list about how to turn off IPv6 but just for google because the users were infected with malware and got CAPTCHAs. The abuse in v4 is quiet, but when the hosts moved to dual-stack and IPv6 capable it became obvious. The provider blamed google and wanted to know how to disable IPv6 for google only. DNSBL/RBL are a part of life on the internet in the past 20 years. You don’t deal with abuse at your own peril, as once you’re the noisiest abuser and added you generally have a *lot* of work to clean up. Having worked at places that got corporate mail servers added to DNSBL as a business response to not terminating people for AUP violations before, this is hard to explain and deal with. I likely didn’t see the messages on the old list due to it matching a known message pattern that is blocked. I know everyone wants @ietf lists to be sufficiently promiscuous to have a low barrier to participating, but we must perform some basic security operations to block them. Regarding locking the lists? I’m all for that after IETF closes out the venue contract/payments. It should be a mechanical operation that coincides. This way if there is a venue problem or something specific those at the meeting can discuss, otherwise the general public doesn’t get spammed with details. - Jared