Karl Denninger <karl@Denninger.Net> writes:
RBL policy is that they won't block anything more general than
is warranted by particular spam complaints and the subsequent
actions in response to those complaints or to a pattern of complaints.
For example, a bunch of complaints come in reporting that various
dialups spammed ads for www.biteme.com, a masochist oriented porn site,
which is hosted on an IP address which is part of wehost.net .
The proper procedure is that people complaining to RBL have to
have contacted wehost.net and not gotten appropriate responses.
RBL people will (always?) contact wehost.net for a final warning
and status check prior to the block, and will only block
the /32 corresponding to www.biteme.com's actual IP address.
Thus, no wehost.net customer other than biteme will be inconvenienced.
That does nothing at all, since the only listener on www.biteme.com's
address is a web server.
It punishes biteme.com for having spammed by blocking access to
their web server. That's the point.
So yes, under (as I understand them) existing RBL rules, it is possible
for purely innocent parties to get bitten (other non-spam related
customers of wehost.net) if the ISP fails to respond properly
for a significant length of time and number of incidents.
I feel that's fair; if the ISP becomes the problem, then they
should feel some heat. As long as the criteria for the ISp
being RBled as a whole are sufficiently demanding so ISPs that
are merely slow or not-entirely-cooperative don't get unnecessarily
RBLed, that makes sense to me.
That's not the scenario that was postulated and led to the latest threat.
Which exact "scenario" did you have in mind? There have been a whole
bunch posted recently by a number of people. Are you referring to
the NSI block threat, which falls under a similar scenario where
it's parts of one company rather than an ISP and its varied customers?
Last I saw, Paul stated that NSI's systems were in distinct IP blocks
from internic and internic wasn't being approached as a potential
I've seen a lot of "scenarios" fly around which bear little semblance
to reality and greatly misunderstand how the RBL is (as far as I can
tell from the outside) operating. Those scenarios are only worth
considering as a theoretical exercise in how a RBL-like entity could
go bad and as examples of how RBL isn't publicizing some of its policies
enough so that people won't be confused about what they do.
RBL in the maps.vix.com sense simply don't do some of the things
that have been at one time or another accused of them,
to my knowledge. Again, one can postulate a scenario about
a generic blacklist service unfairly affecting innocent parties,
but the actual RBL has what ppear to me to be adequate policies in place
to protect third parties. People afraid of it really should
at least listen enough to assuage fears based on policies it doesn't
-george william herbert
firstname.lastname@example.org I speak for myself only