IETF Logo Mail Archive

Re: [Asrg] draft-irtf-asrg-bcp-blacklists-07 [re-send]

Martijn Grooten <martijn.grooten@virusbtn.com> Tue, 01 March 2011 20:07 UTC

Return-Path: <martijn.grooten@virusbtn.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9DEBB3A6AAF for <asrg@core3.amsl.com>; Tue, 1 Mar 2011 12:07:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.55
X-Spam-Level:
X-Spam-Status: No, score=-4.55 tagged_above=-999 required=5 tests=[AWL=1.250, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SD0m+qUJ2m6M for <asrg@core3.amsl.com>; Tue, 1 Mar 2011 12:07:27 -0800 (PST)
Received: from mx4.sophos.com (mx4.sophos.com [74.202.89.161]) by core3.amsl.com (Postfix) with ESMTP id 89FF03A6A9C for <asrg@irtf.org>; Tue, 1 Mar 2011 12:07:27 -0800 (PST)
Received: from mx4.sophos.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 24F9B7017A for <asrg@irtf.org>; Tue, 1 Mar 2011 20:08:31 +0000 (GMT)
Received: from uk-exch1.green.sophos (uk-exch1.green.sophos [10.100.199.16]) by mx4.sophos.com (Postfix) with ESMTP id AD6907014E for <asrg@irtf.org>; Tue, 1 Mar 2011 20:08:30 +0000 (GMT)
Received: from UK-EXCHMBX1.green.sophos ([fe80:0000:0000:0000:e1bd:d3c1:23.222.229.221]) by uk-exch1.green.sophos ([10.100.199.16]) with mapi; Tue, 1 Mar 2011 20:08:29 +0000
From: Martijn Grooten <martijn.grooten@virusbtn.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Date: Tue, 01 Mar 2011 20:08:27 +0000
Thread-Topic: [Asrg] draft-irtf-asrg-bcp-blacklists-07 [re-send]
Thread-Index: AcvYR7hFMXXZAJ7RTV24JQTGDCW3xQAAxouQ
Message-ID: <18B53BA2A483AD45962AAD1397BE132537AEDC1BA2@UK-EXCHMBX1.green.sophos>
References: <4D6C265E.1060101@averillpark.net> <EE315DEA-7486-4673-9875-DEC91352BC55@cauce.org> <4D6D4284.50102@thoroquel.org> <AANLkTinxGLpeWmxGWR7hiLoZabYhhmfQdAh=JagCg2yk@mail.gmail.com> <4D6D4A49.2090107@messagelabs.com>
In-Reply-To: <4D6D4A49.2090107@messagelabs.com>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Asrg] draft-irtf-asrg-bcp-blacklists-07 [re-send]
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2011 20:07:28 -0000

Matt Sergeant wrote:
> Esa Laitinen wrote:
> > There is potential for conflict of interest here, though: what if the
> > consumer of the data (i.e. paying customer) is also involved in
> spamming?
>
> If they want to pay me to run a blocklist which lists them... go right
> ahead :)

ISPs or SaaS-solutions (if they offer both inbound and outbound filtering) may well be users (customers) of a blacklist for their inbound filtering and at the same time occasionally find their outbound IP addresses listed on the same blacklist.

There is some potential conflict of interest there, albeit not one that worries me a great deal. I believe that the more honest blacklists, the ones that list their customers' IP addresses/domains if they think there is a need for that, will be the better ones and, ultimately, the ones that survive.

I actually find the various possible conflicts of interest not the most important problem with (speedy) delisting fees. I think it is simply wrong for an entity to hand out fines for bad behaviour if they have not been given permission to do so, either by the entity that is being fined (which may have explicitly or implicitly agreed to T&Cs that include the possibility of fines) or by some kind of higher authority (of which there isn't really one on the internet). Even more so if there isn't a way for those being fined to contest that decision with an impartial arbiter.

This is all regardless of whether such fines have an effect on the amount of spam being sent, whether they educate their users, whether they are given to those who deserve it and whether those receiving the fines actually benefit from them.

Oh, and for whoever is counting: +1 on the draft from me.

Martijn.

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.

v2.23.0 | Report a Bug | By Email