[anti-abuse-wg] RBL policy
- Previous message (by thread): [anti-abuse-wg] RBL policy
- Next message (by thread): [anti-abuse-wg] RBL policy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Simon Forster
simon-lists at ldml.com
Mon Jan 30 12:14:44 CET 2017
Please be aware that my understanding is of the general principles employed by the various Spamhaus block lists. I have no role in compiling the block lists — that is the remit of a completely different team. I can talk to the generalities but not to specifics as I have no more insight into specifics than anyone else with access to the Spamhaus Projects' Blocklist Removal Centre at <https://www.spamhaus.org/lookup/ <https://www.spamhaus.org/lookup/>>. And I’ll decline to post the rest of my reply following the abuse up thread. All the best Simon > On 30 Jan 2017, at 09:39, Simon Forster <simon-lists at ldml.com> wrote: > > >> On 30 Jan 2017, at 06:13, ox <andre at ox.co.za> wrote: >> >> Hello All, >> >> May I please solicit some comments about Abuse Block lists >> (Without detracting from RFC 5782 and RFC 6471 or : >> https://www.ripe.net/publications/docs/ripe-409 ) >> >> Firstly, the background for the start of this thread is simply: As the >> use of machine learning technology is now also applied and adapted for >> the use of cyber criminals (including spammers, scammers, etc) the >> rules and what is socially acceptable is and has changed. Global >> politics, protectionism, nationalism and the other 'isms' are also >> causing change. >> >> Considering that DNSBL tech is "reactive" (after he abuse) > > This statement appears to be exclusionary — and is one often levelled against DNSBLs. All DNSBLs are not wholly reactive. > > Firstly, one needs to acknowledge that all DNSBLs are not they same. > > Secondly, some listings in some DNSBLs are proactive. i.e. Made before abuse is seen. As I work for the commercial arm of Spamhaus, I know their offerings quite well and can confidently state that some of the Spamhaus block lists contain proactive and/or precautionary listings. I imagine SURBL does likewise. Other block lists probably have similar policies / inputs. > > Simon > > >> The block time policies of RBLs >> *********************************** >> There are two main types of block lists: No automatic removal and >> automatic removal >> >> Is the policy to auto de-list after a period of time, still accurate? >> >> Considering the change in abuse patterns and technology, should the >> block times be increased or de-creased? >> >> Does society require more specialist non auto de-list DNSBLs? >> (Would it be helpful to law enforcement to have a "child pornography" >> dnsbl? or a phish dnsbl? - or is the reactive time to high in order >> for dynamic ipv4? - but on ipv6 allocations to devices could be more >> 'permanent'? etc) >> >> Andre -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20170130/bd9986c7/attachment.html>
- Previous message (by thread): [anti-abuse-wg] RBL policy
- Next message (by thread): [anti-abuse-wg] RBL policy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]