Re: [Asrg] I-D Action: draft-irtf-asrg-dnsbl-08.txt (fwd)

Rich Kulawiec <rsk@gsp.org> Tue, 18 November 2008 23:59 UTC


On Wed, Nov 19, 2008 at 10:41:30AM +1200, Franck Martin wrote:
> Did not fully read but not sure if there is something that access to DNSBL should not be restricted. I'd like to query often the DNSBL to see if my IPs are not appearing in it. It is easier that way than to scan postmaster emails.

By the time reports have found their way back to you (at your "abuse" address,
I'd hope, not "postmaster") and by the time you've been listed on a DNSBL,
it's too late.  The damage has already been done.  A much better approach
is to be proactive, to actively block or at least detect common forms
of abuse before they escape your network.

So instead of putting engineering time into wiring DNSBL checks into
Nagios (referenced in the part of your message I elided) it would be
better to apply that same time to understanding your network, thinking
about how it could be abused, and putting in place measures designed
to forestall that.

---Rsk