This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Previous message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Next message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ángel González Berdasco
angel.gonzalez at incibe.es
Thu Mar 4 19:59:23 CET 2021
El jue, 04-03-2021 a las 17:16 +0100, Christian Teuschel wrote: > Hi Elvis and Suresh, dear colleagues, > > Putting exact numbers on how many operators are using UCEProtect is > difficult, but through feedback from users, network operators and > members we understand that it is in use and that the provisioning of > this RBL on RIPEstat has value. > > If I am reading the feedback in this discussion correctly, the > sentiment > is leaning towards adding more RBLs instead of less and if that is > the > case we are going to look into how and when we can achieve this. > Please > let me know if that is aligned with your requirements/expectations. > > Best regards, > Christian Hello Christian I think there are two issues at hand here. First one is the realiability of uceprotect. A dnsbl SHOULD be neutral. A blacklist which accepts payments for delisting seems shady by itself, even if actually done with the best intentions. Due to this it has long been considered as not a source to trust or care about (unlike their policy with many other blacklists). But a network choosing to care (or not) for a blacklist, or a BL deciding to seek payments, are their own decisions. However, what I find really worrying are the reports of uceprotect intentionally increasing their to list more addresses, or even inserting "hits" for ip addresses which cannot have produced the alledged hits. This would make them misleading at best, if not directly mischievous. PLease note this is just from a technical point of view. Issues of "non-professionalism" are a separate matter. A blacklist operator should be able to know why and even justify, if needed, why it listed an IP address. To a trusted third party, for instance. If it is / became a predatory blacklist, that's enough reason not to include it, as that would be a way of promoting it. Second issue is the number of entries. I would consider that the more (good) blacklists included, the better. I would still not include a predatory blacklist there, as the mere listing gives them a sense of legitimacy. This can be conflated with the number of lists but is actually different. If you include many blacklists (e.g. mxtoolbox checks 94), it's easier to include lower-quality ones, as the exposure given to them is more diluted. If you only list a couple of lists, that makes them look like they are "the important ones". Even if it was never the intent. Best regards PS: And yes, the NP-hard problem is telling apart the good from the evil. In some cases it can be simple, but it often is not. -- INCIBE-CERT - Spanish National CSIRT https://www.incibe-cert.es/ PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys ==================================================================== INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. ==================================================================== In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitationof processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to dpd at incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad. ====================================================================
- Previous message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
- Next message (by thread): [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]