Karl Denninger <karl@Denninger.Net> writes:
On Thu, Nov 19, 1998 at 01:58:40PM -0800, George Herbert wrote:
RBL policy is that they won't block anything more general than is warranted by particular spam complaints and the subsequent actions in response to those complaints or to a pattern of complaints. For example, a bunch of complaints come in reporting that various dialups spammed ads for www.biteme.com, a masochist-oriented porn site, which is hosted on an IP address which is part of wehost.net. The proper procedure is that people complaining to RBL have to have contacted wehost.net and not gotten appropriate responses. RBL people will (always?) contact wehost.net for a final warning and status check prior to the block, and will only block the /32 corresponding to www.biteme.com's actual IP address. Thus, no wehost.net customer other than biteme will be inconvenienced.
That does nothing at all, since the only listener on www.biteme.com's address is a web server.
It punishes biteme.com for having spammed by blocking access to their web server. That's the point.
So yes, under (as I understand them) existing RBL rules, it is possible for purely innocent parties to get bitten (other non-spam related customers of wehost.net) if the ISP fails to respond properly for a significant length of time and number of incidents. I feel that's fair; if the ISP becomes the problem, then they should feel some heat. As long as the criteria for the ISP being RBLed as a whole are sufficiently demanding so ISPs that are merely slow or not-entirely-cooperative don't get unnecessarily RBLed, that makes sense to me.
That's not the scenario that was postulated and led to the latest threat.
Which exact "scenario" did you have in mind? There have been a whole bunch posted recently by a number of people. Are you referring to the NSI block threat, which falls under a similar scenario where it's parts of one company rather than an ISP and its varied customers? Last I saw, Paul stated that NSI's systems were in distinct IP blocks from internic and internic wasn't being approached as a potential blockage target.

I've seen a lot of "scenarios" fly around which bear little semblance to reality and greatly misunderstand how the RBL is (as far as I can tell from the outside) operating. Those scenarios are only worth considering as a theoretical exercise in how a RBL-like entity could go bad and as examples of how RBL isn't publicizing some of its policies enough so that people won't be confused about what they do. RBL in the maps.vix.com sense simply don't do some of the things that have been at one time or another accused of them, to my knowledge.

Again, one can postulate a scenario about a generic blacklist service unfairly affecting innocent parties, but the actual RBL has what appear to me to be adequate policies in place to protect third parties. People afraid of it really should at least listen enough to assuage fears based on policies it doesn't really have.

-george william herbert gherbert@crl.com I speak for myself only