IETF Logo Mail Archive

Re: [dispatch] Proposal for scantxt; scanning opt-in/out, identification, verification, notification, and reporting

John Levine <johnl@taugh.com> Sun, 04 December 2022 05:13 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD962C14CE35 for <dispatch@ietfa.amsl.com>; Sat, 3 Dec 2022 21:13:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.148
X-Spam-Level:
X-Spam-Status: No, score=-4.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=ZCMKMnBU; dkim=pass (2048-bit key) header.d=taugh.com header.b=Ml5H2p/1
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hKMnXDdQ5Sfi for <dispatch@ietfa.amsl.com>; Sat, 3 Dec 2022 21:13:24 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05F18C1524B8 for <dispatch@ietf.org>; Sat, 3 Dec 2022 21:13:23 -0800 (PST)
Received: (qmail 94486 invoked from network); 4 Dec 2022 05:13:21 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=17113.638c2c71.k2212; bh=AQ6Hp0DBfsZ++mmRFmkiEASHiAy2qcxpW3+xBOVK1Vg=; b=ZCMKMnBUC8B+BBwH55zI18P2psgKT2SxET5ufwRE7alH7Z67bemwPtKjy2f/ycJV9rV0NHAvtrRnrSsFg7ia6KOcrRTln0bGPek/G7vio7+f8Uu1VIknHdAwBK60np+8doKYIO53vj/NbqESN8igzToqJhNbfF6xmzZU8Xtr9P7Ea3bxQdRW1PGUdnAgNxyHqmR7zKuREq0q19R/8A0HkSHUK4SaYJ7cyqt7iv5yXgYTkyjHM4NCSLkEgaI4GsEyfNE7RLI5UsWvWh+Pt2wSvM52I9yaAl2S6kUi8uKE1vcfthEqg/3HZ2h6BA3AO1ZI2mIsPU+dlCKT/d7OBR/e3A==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=17113.638c2c71.k2212; bh=AQ6Hp0DBfsZ++mmRFmkiEASHiAy2qcxpW3+xBOVK1Vg=; b=Ml5H2p/1Xqd1/a9nVsroRdLNiK20i95UbUkC0HdQSvOdgt2FRAfIrlt3E/zl5VrMrAoh9Fzqwk76phB/2Deft+botqZS/q0ee65WlVF2jzYm9eUhAed5fbK+10sJTa9m0kQTPBx10T2rf+dbkjTq7eVvnR4EmBlMCv8ut7o0nhBufIH84sr9rX+IGQPVRj10DtVakkP4ksr5LnvjsehIRww9Vcza2JFzpe8QSMby2HV2OmlasQbDK3Tg+aEh8OefYFDf9+QtQBeMLSICLkNhbPl5fR4f+i6d3opOegZsvFyyEVQAoc8j/yIYUF4so11UM7e126oorfLA5/lSCC0fBw==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 04 Dec 2022 05:13:21 -0000
Received: by ary.qy (Postfix, from userid 501) id 0FF0650855F1; Sun, 4 Dec 2022 00:13:19 -0500 (EST)
Date: Sun, 04 Dec 2022 00:13:19 -0500
Message-Id: <20221204051320.0FF0650855F1@ary.qy>
From: John Levine <johnl@taugh.com>
To: dispatch@ietf.org
In-Reply-To: <4f7a0b7e-b51b-ac06-c099-68143cba057b@cs.tcd.ie>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/GIehmBWho8QBItlKqVoP8FzX9bw>
Subject: Re: [dispatch] Proposal for scantxt; scanning opt-in/out, identification, verification, notification, and reporting
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Dec 2022 05:13:28 -0000

It appears that Stephen Farrell  <stephen.farrell@cs.tcd.ie> said:
>mostly try do something like this, so there could well be
>value in a standard location that can be found from a source
>IP address at which some pointers/hints can be found.

The de-facto convention is that you put a web server with an
explanation at each IP doing the scanning.

I can see why the people doing the scanning would want all this stuff,
but I can't see why the victims of the probes would have any reason to
go to any effort to make their lives easier. Most scanning is in
practice malicious, even if the people doing the probing make excuses
that it isn't.

I am reminded of efforts about two decades ago in which spammers
wanted to build elaborate schemes so we could tell them exactly which
kinds of spam we did and didn't want. If you have to ask, the answer
is no.

R's,
John

v2.23.0 | Report a Bug | By Email