IETF Logo Mail Archive

Re: [Asrg] RFC 6471 and "listing the Internet" as a punishment

"Emanuele Balla (aka Skull)" <skull@bofhland.org> Tue, 24 January 2012 15:19 UTC

Return-Path: <skull@bofhland.org>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0151C21F8653 for <asrg@ietfa.amsl.com>; Tue, 24 Jan 2012 07:19:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FY5X2eRwLzhi for <asrg@ietfa.amsl.com>; Tue, 24 Jan 2012 07:19:06 -0800 (PST)
Received: from mithrandir.bofhland.org (mithrandir.bofhland.org [IPv6:2a02:9a8:94::b]) by ietfa.amsl.com (Postfix) with ESMTP id A8F8521F864A for <asrg@irtf.org>; Tue, 24 Jan 2012 07:19:06 -0800 (PST)
Received: from zarathustra.local (zarathustra.spin.it [147.123.15.60]) by mithrandir.bofhland.org (Postfix) with ESMTPSA id 2C24A6C21A for <asrg@irtf.org>; Tue, 24 Jan 2012 16:19:03 +0100 (CET)
Message-ID: <4F1ECBE4.1050802@bofhland.org>
Date: Tue, 24 Jan 2012 16:19:00 +0100
From: "Emanuele Balla (aka Skull)" <skull@bofhland.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <18B53BA2A483AD45962AAD1397BE13253846E0FE87@UK-EXCHMBX1.green.sophos>
In-Reply-To: <18B53BA2A483AD45962AAD1397BE13253846E0FE87@UK-EXCHMBX1.green.sophos>
X-Enigmail-Version: 1.3.4
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Subject: Re: [Asrg] RFC 6471 and "listing the Internet" as a punishment
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jan 2012 15:19:08 -0000

On 1/24/12 4:07 PM, Martijn Grooten wrote:
> It was nice to see the RFC being published. Good work.
> 
> Then I came across this:
> 
> http://blog.vamsoft.com/2012/01/24/ub-black-uribl-com-url-blacklist-started-to-block-everything/
>
>  (Vamsoft ORF is a spam-filter.) Basically uribl.com was returning
> 127.0.0.1 to _all_ queries from nameservers that are sending high
> volumes (presumably without paying for it) as some kind of
> punishment. http://uribl.com/ confirms that.
> 
> Now, as Vamsoft mentions, it is not a good idea to use third-party
> nameservers on a server you're making DNS requests from. (Although,
> unlike openDNS, Google's nameservers do return NXDOMAIN when they
> can't resolve a domain.) Moreover, it does seem Google's nameservers
> are now getting REFUSED as a response to any uribl.com request. I was
> just wondering whether the RFC says anything about this kind of
> behaviour ('listing' everything as a punishment). To my reading it
> doesn't.
> 
> Martijn.

In truth there's
in point 3.3:

«  Note: In Section 3.4, it is noted that some DNSBLs have shut down in
   such a way to list all of the Internet.  Further, in Section 3.5,
   DNSBL operators MUST NOT list 127.0.0.1.  Therefore, a positive
   listing for 127.0.0.1 SHOULD indicate that the DNSBL has started
   listing the world and is non-functional. »

and again, in point 3.5:

«  A functioning DNSBL MUST NOT list 127.0.0.1.  There are a number of
   mail server implementations that do not cope with this well, and many
   will use a positive response for 127.0.0.1 as an indication that the
   DNSBL is shut down and listing the entire Internet.»


That is not clearly against "listing everything as a punishment", but
means uribl.com is technically "non-functional"... ;-)


-- 
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-----------------------------------------------------------------------------
http://bofhskull.wordpress.com/

v2.8.7 | Report a Bug | By Email