Comments on Draft IRTF ASRG DNSBL - 07

Jonathan Curtis <Jonathan.Curtis@nominum.com> Tue, 11 November 2008 20:49 UTC

From: Jonathan Curtis <Jonathan.Curtis@nominum.com>
To: "ietf@ietf.org" <ietf@ietf.org>
Date: Tue, 11 Nov 2008 12:49:38 -0800
Subject: Comments on Draft IRTF ASRG DNSBL - 07


Having spent 13 years managing abuse (Spam/Phishing/Botnets) within a large ISP organization, 5 to 6 years in a leadership position of the Messaging Anti-Abuse Working Group and active member of the Canadian National Cyber-Forensics Training Alliance, I can say that DNSxLs are a critical part of most ISPs' security infrastructure.  Here are my specific thoughts on "http://tools.ietf.org/html/draft-irtf-asrg-dnsbl-07":

1. A large percentage of ISPs, ESPs, Enterprise and Internet Commerce companies have managed to build significant infrastructure that makes extensive use of DNSxBLs for E-Mail related Phishing, Scam, Spam and Malicious Transaction Prevention. These practices have been in place for several years without a standard.  As new DNSxLs, applications for DNSxLs and IPv6 DNSxLs emerge, however, I believe standardization will become increasingly valuable in helping manage the technology change within ISPs, Enterprise, NGO, Not-for-profit Organizations and vendors.

2. The impact of DNSxLs when applied on Inbound Email Servers is significant with very little collateral damage. A good estimate is that over 70% of all spam email is prevented by the application of DNSxBLs, sparing many service providers millions in hardware that would otherwise be spent processing and storing these messages.  In all cases, without this type of implementation, customers' inboxes would be rendered completely useless.

3. When discussing DNSxLs with various carriers, it is clear that careful due diligence has been applied to ensure that the risk of false positives is minimized. In several cases, the DNSxL is merely used as part of an overall reputation database that helps determine the delivery decision.

4. With the evolution of Internet Threats, ISPs and Enterprises have deployed DNSxBLs to improve Data Security/Protection, Trust, Reliability and Confidence of Employees and Customers. They have deployed DNSxLs that protect against phishing, spam, child exploitation and other maliciously intended transactions.  To this end, several not-for-profit and for-profit organizations/agencies/vendors/governments have been making extensive use of DNSxLs to protect country, city, community and citizens. This document will help foster standardization for those organizations.

In summary, Nominum has made commercial investments to enable ISPs to make use of highly scalable DNSxLs within their infrastructure. As an industry stakeholder in the standardization of DNSxLs, we welcome and support this document.


Thanks for your time,

Jonathan

Jonathan Curtis
Nominum, Inc.

2003 - 2008  Founder and Vice/Chairman of The Messaging Anti-Abuse Working Group
