On Aug 1, 2007, at 7:10 AM, <michael.dillon@bt.com> <michael.dillon@bt.com> wrote:
Does anyone have any thoughts on this? Sorry if this is the wrong place to ask.
It would be better for you to join an organization like MAAWG http://www.maawg.org/home which is attempting to define best current practices for ISPs. I don't know whether or not they have dealt with this particular issue yet, but it sounds like something that falls under their umbrella.
There were recent efforts made within ASRG with respect to black-hole lists. The AS, and not the IP address, indicates the responsible entity. For our service, some lists coalesce CIDRs into larger ranges based upon the presences of spam in a majority of the included IP addresses. This process is algorithmic, and not dependent upon other information. We now also offer a service where this "escalation" is not used in less aggressive listings. A customer can now change the active list at any time. : ) Reverse listing information may help in determining whether a CIDR is assigned to DUL only when the ISP is not responsive. For the DUL, the AS is authoritative with respect to what gets listed. As long as there is some communication with ISP, there should never be a problem with this list. We are adding a portal to make this process easier to manage. The other side of this issues is that we tend to deal with complaints from the ISP's customers who often feel their IP address should not be placed into this category. In those cases, these customers must be referred back to their provider, as only their provider is authoritative in this matter. Now that Microsoft joined the MAAWG board, security or operational concerns related to Sender-ID/SPF are being muted. While I admit to being biased about possible DDoS exploits, it is also clear MAAWG is somewhat biased about Sender-ID. : ( -Doug