On 30 Jan 2017, at 06:13, ox <andre@ox.co.za> wrote:
Hello All,
May I please solicit some comments about Abuse Block lists
(Without detracting from RFC 5782 and RFC 6471 or :
https://www.ripe.net/publications/docs/ripe-409 )
Firstly, the background for the start of this thread is simply: As the
use of machine learning technology is now also applied and adapted for
the use of cyber criminals (including spammers, scammers, etc) the
rules and what is socially acceptable is and has changed. Global
politics, protectionism, nationalism and the other 'isms' are also
causing change.
Considering that DNSBL tech is "reactive" (after he abuse)
This statement appears to be exclusionary — and is one often levelled against DNSBLs. All DNSBLs are not wholly reactive.
Firstly, one needs to acknowledge that all DNSBLs are not they same.
Secondly, some listings in some DNSBLs are proactive. i.e. Made before abuse is seen. As I work for the commercial arm of Spamhaus, I know their offerings quite well and can confidently state that some of the Spamhaus block lists contain proactive and/or precautionary listings. I imagine SURBL does likewise. Other block lists probably have similar policies / inputs.
Simon
The block time policies of RBLs
***********************************
There are two main types of block lists: No automatic removal and
automatic removal
Is the policy to auto de-list after a period of time, still accurate?
Considering the change in abuse patterns and technology, should the
block times be increased or de-creased?
Does society require more specialist non auto de-list DNSBLs?
(Would it be helpful to law enforcement to have a "child pornography"
dnsbl? or a phish dnsbl? - or is the reactive time to high in order
for dynamic ipv4? - but on ipv6 allocations to devices could be more
'permanent'? etc)
Andre