SORBS?!

Jimmy Hess mysidia at gmail.com
Fri Apr 6 13:29:30 CDT 2012


On Fri, Apr 6, 2012 at 8:48 AM,  <Valdis.Kletnieks at vt.edu> wrote:
> If it was industry-wide standard practice that just notifying a provider resulted
> in something being done, we'd not need things like Senderbase, which is after
> all basically a list of people who don't take action when notified...
>
[snip]
Pot calling the kettle black.    Before we talk about industry-wide
practice about the providers "doing something".  We should talk about
industry-wide practice for "Black lists"   doing something to correct
entries,   instead of just building up indiscriminate or irresponsibly
maintained lists of networks or "scores"  of networks  that were
targetted by a spammer at one time in the past.

It's just as bad for a blacklist operator to not respond  and "do
something" for a network  operator legitimately trying to resolve spam
problems with their network and clear the listing as it is for a
network abuse contact to not respond to a network operator.

We should talk about industry-wide practices for how providers should
be notified,
what providers are actually supposed to do to  "authenticate reports",  because
sometimes the report/notification itself is malicious or false
abusive attempt to
harass an innocent email user,   and what exactly providers are
actually expected
to do with certain kinds of notification.

The informal standard of  "just call or send an e-mail to an abuse
contact"  is poorly
specified.     The informal standard of   "the abuse contact should
investigate and take
immediate action"  is poorly specified.


Some of these things that are not specified by RFC should be specified
by RFC as best practice.
There should be abuse notification and response notification
mechanisms other than  free form e-mail.

--
-JH



More information about the NANOG mailing list