This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] RBL policy
- Previous message (by thread): [anti-abuse-wg] RBL policy
- Next message (by thread): [anti-abuse-wg] RBL policy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Simon Forster
simon-lists at ldml.com
Mon Jan 30 12:14:44 CET 2017
Please be aware that my understanding is of the general principles employed by the various Spamhaus block lists. I have no role in compiling the block lists — that is the remit of a completely different team. I can talk to the generalities but not to specifics as I have no more insight into specifics than anyone else with access to the Spamhaus Projects' Blocklist Removal Centre at <https://www.spamhaus.org/lookup/ <https://www.spamhaus.org/lookup/>>. And I’ll decline to post the rest of my reply following the abuse up thread. All the best Simon > On 30 Jan 2017, at 09:39, Simon Forster <simon-lists at ldml.com> wrote: > > >> On 30 Jan 2017, at 06:13, ox <andre at ox.co.za> wrote: >> >> Hello All, >> >> May I please solicit some comments about Abuse Block lists >> (Without detracting from RFC 5782 and RFC 6471 or : >> https://www.ripe.net/publications/docs/ripe-409 ) >> >> Firstly, the background for the start of this thread is simply: As the >> use of machine learning technology is now also applied and adapted for >> the use of cyber criminals (including spammers, scammers, etc) the >> rules and what is socially acceptable is and has changed. Global >> politics, protectionism, nationalism and the other 'isms' are also >> causing change. >> >> Considering that DNSBL tech is "reactive" (after he abuse) > > This statement appears to be exclusionary — and is one often levelled against DNSBLs. All DNSBLs are not wholly reactive. > > Firstly, one needs to acknowledge that all DNSBLs are not they same. > > Secondly, some listings in some DNSBLs are proactive. i.e. Made before abuse is seen. As I work for the commercial arm of Spamhaus, I know their offerings quite well and can confidently state that some of the Spamhaus block lists contain proactive and/or precautionary listings. I imagine SURBL does likewise. Other block lists probably have similar policies / inputs. > > Simon > > >> The block time policies of RBLs >> *********************************** >> There are two main types of block lists: No automatic removal and >> automatic removal >> >> Is the policy to auto de-list after a period of time, still accurate? >> >> Considering the change in abuse patterns and technology, should the >> block times be increased or de-creased? >> >> Does society require more specialist non auto de-list DNSBLs? >> (Would it be helpful to law enforcement to have a "child pornography" >> dnsbl? or a phish dnsbl? - or is the reactive time to high in order >> for dynamic ipv4? - but on ipv6 allocations to devices could be more >> 'permanent'? etc) >> >> Andre -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20170130/bd9986c7/attachment.html>
- Previous message (by thread): [anti-abuse-wg] RBL policy
- Next message (by thread): [anti-abuse-wg] RBL policy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]