Re: uncooperative DNSBLs, IETF misinformation (was: several messages)
Steve Linford <linford@spamhaus.org> Thu, 13 November 2008 21:30 UTC

On 13 Nov 2008, at 19:39, Andrew Sullivan wrote:

> On Thu, Nov 13, 2008 at 07:25:32PM +0100, Matthias Leisi wrote:
>> Can you please explain what this "fairly serious damage to the DNS
>> protocol" is?
>
> The message I posted from Olafur and me the other day is supposed to
> explain this already:
>
> http://www.ietf.org/mail-archive/web/ietf/current/msg53776.html
>
> For the impatient, one fundamental problem is that the current
> behaviour uses A records that do not contain host addresses, which is
> contrary to the definition of an A record.

Is this not a truly desperate grasping at straws?

So far I have heard here:

- DNSBLs are not much used so they should not be recognized.
  (we alone have 1.4 billion end-users and our DNSBLs are used by 2/3 of internet networks, including all giant freemail providers)

- DNSBLs are temporary fad, they'll never last.
  (we've been serving DNSBLs for 10 years)

- DNSBLs are bad for email.
  (we alone flag some 80 billion spam emails *per day*, spam which would otherwise clog servers and render email completely useless)

- DNSBLs stop very little spam.
  (our DNSBLs catch 80-90% of spam out-front, and 99% if used as we recommend in: http://www.spamhaus.org/effective_filtering.html )

- DNSBLs have huge False Positives.
  (at 80 billion spams stopped per day, if we had even a minuscule FP level there would be a worldwide outcry and everyone would stop using us. Do the maths. Our FP level is many times lower than any other spam filter method by a very, very long way)

- DNSBLs break email deliverability.
  (DNSBL technology in fact ensures that the email sender is notified if an email is rejected, unlike Bayesian filters/content filters which place spam in the user's trash without notifying the senders)

- DNSBLs "sit in the middle of an end-to-end email transaction"
  (see: http://www.spamhaus.org/dnsbl_function.html for enlightenment)

- IETF should not recognize DNSBLs because it may upset IETF sponsors.
  (the IETF sponsors and founders list reads as a "who's who" of DNSBL users, we ourselves have contracts with at least 60% of the IETF sponsor corporations for the use of our DNSBLs. Upset them my foot.)

- Someone from BT said "DNSBLs should not be standardised"
  (BT has a contract with Spamhaus to use our DNSBLs on its network, we're not sure why BT would prefer the DNSBLs it uses to not be standardised but we'll ask them at contract renewal time ;)

- DNSBLs are all bad because someone had a bad experience with SORBS.
  (well, we're not SORBS. Nor are Trend Micro, Ironport, or the other responsible DNSBL operators)

and

- DNSBLs cause "fairly serious damage to the DNS protocol" because they use A records that do not contain host addresses.
  (127.0.0.0 is reserved for IANA Special Use. It is non-net-routable. DNSBLs using 127.0.0.2 cause absolutely no 'damage' whatsoever)

Please could the arguments against standardisation use some better and correct facts, as most of the arguments being presented against standardisation started off poor and are deteriorating into farcical.

   Steve Linford
   Chief Executive
   The Spamhaus Project
   http://www.spamhaus.org
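
The lookup this thread argues about, as an added example (not part of the original message and not Spamhaus code): a mail server reverses the connecting address, appends the list's zone, and treats an A record inside 127.0.0.0/8 as a listing flag rather than a host address. It goes slightly beyond the message by also handling IPv6 addresses; the zone `dnsbl.example`, the `resolve` callback and the sample records are constructed for illustration.

```python
import ipaddress

# A records used as DNSBL answers live here; they are flags, not host addresses.
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the query name: reversed octets (or IPv6 nibbles) + list zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    # reverse_pointer ends in ".in-addr.arpa" or ".ip6.arpa"; drop that suffix.
    labels = rev.rsplit(".", 2)[0]
    return f"{labels}.{zone}"


def classify(answers):
    """Interpret the A records returned for a DNSBL query.

    []                        -> "not listed" (NXDOMAIN / no data)
    all inside 127.0.0.0/8    -> "listed"
    anything else             -> "invalid" (e.g. a wildcarded or parked zone
                                 answering with a real host address)
    """
    if not answers:
        return "not listed"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if all(a in LOOPBACK_NET for a in addrs):
        return "listed"
    return "invalid"


def check(ip, zone, resolve):
    """resolve(name) is a hypothetical callback returning a list of A records."""
    name = dnsbl_query_name(ip, zone)
    return name, classify(resolve(name))


# Constructed sample zone contents so the example runs offline.
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],        # test address, listed
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],       # listed sender
    "7.113.0.203.dnsbl.example": ["198.51.100.10"],  # not a listing code
}


def sample_resolve(name):
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.99", "192.0.2.1", "203.0.113.7"):
        print(ip, *check(ip, "dnsbl.example", sample_resolve))
```

Treating an answer outside 127.0.0.0/8 as invalid rather than as a listing keeps a misbehaving or expired list zone from causing mail to be rejected wholesale.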