Re: IP-based reputation services vs. DNSBL (long)

TS Glassey <tglassey@earthlink.net> Tue, 11 November 2008 18:42 UTC

Message-ID: <4919D1FC.9070801@earthlink.net>
Date: Tue, 11 Nov 2008 10:42:04 -0800
From: TS Glassey <tglassey@earthlink.net>
To: Matthias Leisi <matthias@leisi.net>
Subject: Re: IP-based reputation services vs. DNSBL (long)
References: <49172BCE.2000705@network-heretics.com> <alpine.LSU.2.00.0811111711310.14367@hermes-1.csi.cam.ac.uk> <4919C264.4000209@network-heretics.com> <4919C6FA.909@earthlink.net> <4919CB7C.3070604@leisi.net>
In-Reply-To: <4919CB7C.3070604@leisi.net>
Cc: IETF <ietf@ietf.org>

Matthias
Any DNS BL Listing process where those listings are based on complaints 
would create this.

The issue is that if SPAM HEADERS can have the source addresses forged 
then the DNS Blocking systems which were listed in those forged headers 
need to take that into account. So far as I can tell they don't.

Todd Glassey

Matthias Leisi wrote:
> TS Glassey schrieb:
>
>   
>>> 4. effects of DNS caching.  if a host is removed from a blacklist it
>>> should arguably be removed from all caches instantly, but DNS isn't
>>> designed to facilitate that.  
>>>       
>> The use of the term "SHOULD" here has legal implications - since many of
>> these hosts were put into the BL's by Address Spoofing they were in fact
>> NOT where the offensive SPAM was coming from and so placing those hosts
>> there when the real issue is the refusal of the EMAIL Admin to do proper
>> Header Filtration and Validation creates a direct liability.
>>     
>
> I'm sorry to jump in once more. The paragraph above is simply incorrect.
> A DNSBL that would be fooled by "address spoofing" would not provide
> much value. What do you mean by "address spoofing"? Falsified "From:"
> lines?
>
> -- Matthias