Re: [Asrg] RFC 6471 and "listing the Internet" as a punishment

Derek Diget <derek.diget+asrg@wmich.edu> Tue, 24 January 2012 21:09 UTC

On Jan 24, 2012 at 20:50 +0100, Emanuele Balla (aka Skull) wrote:
=>On 1/24/12 7:23 PM, darxus@chaosreigns.com wrote:
=>> As I tried to say in the past, having a value to return for all
=>> queries from a DNS server that has been deemed abusive is *useful* to
=>> black/whitelist providers.  Enough that it's looking like it'll be done
=>> whether the ASRG likes it or not.  If you'd prefer something other than
=>> 127.0.0.1 to be used, document it somewhere.
=>
=>I fully agree with you, FWIW...
=>
=>
=>> Also, as the linked article said, "...the 127.0.0.1 response indicates
=>> that uribl.com does not accept any queries from the DNS server".
=>> SpamAssassin had this handled as URIBL defined, no false positives
=>> resulted.
=>
=>Yes, and somehow that's the point: SW (like spamassassin) that deal with
=>return values correctly, will not encounter FPs but this means it also
=>gives the BL operator no advantage.
=>
=>While any other return value outside 127/8, while more opportune,
=>probably will affect bad implementations like 127.0.0.1 or any other code.


ASRG List,

See the SpamAssassin bug IDs related to this issue from just a few
weeks ago.

Bug 6724 - DNSxL returning purposefully wrong answers as part of 
Anti-Abuse / Free for Some Policies 
<https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6724>


Bug 6728 - DNSBLs need a way to turn off queries based on BLOCKED rules 
triggering <https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6728>



-- 
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************
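
An added example, not part of the original message and not SpamAssassin's code: one way a DNSxL client can handle return values so that the 127.0.0.1 "queries refused" answer quoted in the thread never scores as a listing, and so that the zone is no longer queried once that answer is seen (the request in bug 6728). The names classify, ZoneGuard and lookup and the zone dnsxl.example are hypothetical, and treating any answer outside 127/8 as invalid is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass, field

DNSXL_NET = ipaddress.ip_network("127.0.0.0/8")
BLOCKED = ipaddress.ip_address("127.0.0.1")  # meaning quoted in the thread for uribl.com


def classify(answers):
    """Map the A records of one DNSxL reply to a verdict string."""
    if not answers:
        return "not_listed"              # NXDOMAIN or empty answer
    try:
        addrs = [ipaddress.ip_address(a) for a in answers]
    except ValueError:
        return "invalid"                 # not an IP address at all
    if BLOCKED in addrs:
        return "blocked"                 # operator refuses this resolver
    if any(a not in DNSXL_NET for a in addrs):
        return "invalid"                 # outside 127/8: never a listing
    return "listed"


@dataclass
class ZoneGuard:
    """Scores lookups and stops querying a zone after a 'blocked' reply."""
    disabled: set = field(default_factory=set)

    def score(self, zone, name, lookup, points=1.0):
        if zone in self.disabled:
            return 0.0                   # no query is sent at all
        verdict = classify(lookup(zone, name))
        if verdict == "blocked":
            self.disabled.add(zone)      # surface this to the admin as well
        return points if verdict == "listed" else 0.0


if __name__ == "__main__":
    # Constructed replies standing in for a resolver; no network is used.
    replies = {"bad.example": ["127.0.0.2"], "any.example": ["127.0.0.1"]}
    guard = ZoneGuard()
    for n in ("bad.example", "any.example", "bad.example"):
        s = guard.score("dnsxl.example", n, lambda z, q: replies.get(q, []))
        print(n, s, sorted(guard.disabled))
```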