IETF Logo Mail Archive

Re: [Asrg] I-D Action: draft-irtf-asrg-dnsbl-08.txt (fwd)

"Chris Lewis" <clewis@nortel.com> Wed, 19 November 2008 13:12 UTC

Return-Path: <asrg-bounces@irtf.org>
X-Original-To: asrg-archive@optimus.ietf.org
Delivered-To: ietfarch-asrg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 323383A6B43; Wed, 19 Nov 2008 05:12:09 -0800 (PST)
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D5DDF3A6B43 for <asrg@core3.amsl.com>; Wed, 19 Nov 2008 05:12:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.625
X-Spam-Level:
X-Spam-Status: No, score=-5.625 tagged_above=-999 required=5 tests=[AWL=0.175, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kyjHdKNAFhlR for <asrg@core3.amsl.com>; Wed, 19 Nov 2008 05:12:07 -0800 (PST)
Received: from zcars04e.nortel.com (zcars04e.nortel.com [47.129.242.56]) by core3.amsl.com (Postfix) with ESMTP id D59E03A6B32 for <asrg@irtf.org>; Wed, 19 Nov 2008 05:12:06 -0800 (PST)
Received: from zrtphxs1.corp.nortel.com (zrtphxs1.corp.nortel.com [47.140.202.46]) by zcars04e.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id mAJD8qb27873 for <asrg@irtf.org>; Wed, 19 Nov 2008 13:08:52 GMT
Received: from zrtphx5h0.corp.nortel.com ([47.140.202.65]) by zrtphxs1.corp.nortel.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 19 Nov 2008 08:12:02 -0500
Received: from [47.130.64.15] (47.130.64.15) by zrtphx5h0.corp.nortel.com (47.140.202.65) with Microsoft SMTP Server (TLS) id 8.1.311.2; Wed, 19 Nov 2008 08:12:02 -0500
Message-ID: <492410A0.7050804@nortel.com>
Date: Wed, 19 Nov 2008 08:12:00 -0500
From: Chris Lewis <clewis@nortel.com>
Organization: Nortel
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <4606143.01227048087075.JavaMail.franck@franck-martins-macbook-pro.local> <49235469.8090306@nortel.com> <4923AC56.8060509@leisi.net>
In-Reply-To: <4923AC56.8060509@leisi.net>
X-OriginalArrivalTime: 19 Nov 2008 13:12:02.0752 (UTC) FILETIME=[69A87C00:01C94A48]
Subject: Re: [Asrg] I-D Action: draft-irtf-asrg-dnsbl-08.txt (fwd)
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/pipermail/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: asrg-bounces@irtf.org
Errors-To: asrg-bounces@irtf.org

Matthias Leisi wrote:
> Chris Lewis schrieb:
> 
>> There's also a consideration of scaling.  Having a few dozen
>> organizations continually rescanning their, say, /16s could get rather
>> old quick.
> 
> An old wish: Have some protocol to enable queries like "return all
> listings for IP addresses in a.b.c.d/N" (for some reasonably max value
> of N, possibly 24?).

We'd only have to issue more than 65536 of those to check our space ;-)

Yes, something like that would be nice and I don't think too many DNSBL
operators would object (at least in theory).  Some DNSBLs offer by-email
notification.  Others might want to, but don't for whatever reason.

However:

1) The BCP is a wrong place to describe a protocol for that.
2) Most DNSBL operators would probably prefer that there was some sort
of authorization layered on top.

For reasons of scaling and overhead, I think it'd probably be better
that these are third party offerings.

There have been efforts to implement third party services to do that.
Habeus had/has(?) one.  I believe Karmasphere can do it.

Most of these services only query small numbers of IPs, and the costs
would be prohibitive if you had a largish range.  But with the
appropriate arrangements, it should be possible to do much better.

> Yes, that's easily done if you have a local copy of the data, but that
> is not always feasible (or has considerable cost).
_______________________________________________
Asrg mailing list
Asrg@irtf.org
https://www.irtf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email