Re: How I deal with (false positive) IP-address blacklists...

Theodore Tso <tytso@MIT.EDU> Wed, 10 December 2008 17:42 UTC

Date: Wed, 10 Dec 2008 11:57:10 -0500
From: Theodore Tso <tytso@MIT.EDU>
To: dcrocker@bbiw.net
Subject: Re: How I deal with (false positive) IP-address blacklists...
Cc: ietf@ietf.org

On Tue, Dec 09, 2008 at 11:23:10AM -0800, Dave CROCKER wrote:
> Evidently you believe that the anecdote you posted proves something, but 
> I am not sure what.
>
> Some others have suggested that it proves something which, I strongly 
> suspect, is not what you had in mind.
>
> Perhaps you can clarify the purpose of your note.  How should it be 
> incorporated into the IETF's deliberations?

The point I was trying to make is that there seems to be an inherent
assumption by some people, perhaps because the people who make these
assumptions run large mail servers, that the problem with someone who
is wrongly blocked rests solely with the sender, and not with the
ultimate recipient, or with the mailer operator.  It's essentially an
attitude of you have no _right_ to send us e-mail, and if we make an
(inevitable) mistake, and blacklist you incorrectly, it is up to
**you** (the sender) to go to us on bended knee and prove that you are
not an evil spammer, or an incompetent Windows desktop owner who has
let their machine be taken over by a botnet.

I'm sure they feel magnanimous when they offer some method of
approaching them on bended knee, hoping that they will give you
permission to send e-mail --- whether it is via a phone number or
whether it is via placing an international phone call and paying $$$
to some Australian PTT to beg and plead to be removed from some IP
blacklist --- and I am still not convinced it is the best identifier
when deciding whether or not to block *all* mail from a particular IP
address.  You may be trying to place the burden on me, but consider
that we are merely getting assertions from the other side of the aisle
as well.

My main point, though, is that in some cases, the ultimate recipient
may have a much greater interest in receiving the e-mail than the
sender, and so the model of requiring the sender to assume the burden
of proof and go on bended knee to the mailserver administrator to let
their e-mails through may not be a particularly good model to use as
the basis for making recommendations for best practice.

Regards,

						- Ted