Skip to main content

Overview of Best Email DNS-Based List (DNSBL) Operational Practices
RFC 6471

Yes

(Jari Arkko)
(Pete Resnick)
(Robert Sparks)
(Ron Bonica)

No Objection

(Gonzalo Camarillo)
(Russ Housley)
(Stewart Bryant)
(Wesley Eddy)

Note: This ballot was opened for revision 10 and is now closed.

(Jari Arkko; former steering group member) Yes

Yes ()

                            

(Pete Resnick; former steering group member) Yes

Yes ()

                            

(Robert Sparks; former steering group member) Yes

Yes ()

                            

(Ron Bonica; former steering group member) Yes

Yes ()

                            

(Adrian Farrel; former steering group member) No Objection

No Objection (2011-09-22)
I was surprised that this document did not seek to make any disclaimer wrt the legality of applying blacklists beyond the scope of entirely private systems. I would not want the IRTF to appear to condone practices that may be of dubious legality in some jurasditctions.

(Dan Romascanu; former steering group member) No Objection

No Objection (2011-09-22)
I support Russ's DISCUSS. 

(Gonzalo Camarillo; former steering group member) No Objection

No Objection ()

                            

(Peter Saint-Andre; former steering group member) No Objection

No Objection (2011-09-21)
Overall I think this is a helpful set of guidelines. Herewith a few comments.

1. I concur with the DISCUSS from Russ Housley. Note that Sections 1.2 
and 3.6.1 include the term "BCP".

2. The abstract states:

   This document is a product of the Anti-Spam Research Group and
   represents the consensus of that group.

Section 1.4 states:

   NOTE:  This document is a product of the Anti-Spam Research Group
      (ASRG) of the IRTF.  As per section 3 of [RFC2014] IRTF groups do
      not require consensus to publish documents.  Therefore readers
      should be aware that this document does not necessarily represent
      the consensus of the entire ASRG.

Those two statements appear to be in conflict.

3. With regard to DoS attacks, consider adding a reference to RFC 4732.

4. The security considerations seem a bit thin to me given that DNSBLs 
are used in ways different from "normal" DNS servers (e.g., RFC 3833 talks
about denial of service attacks on DNS servers, but not malicious use of
DNS-based services to poison the behavior of email servers and the like).

5. Please expand relevant acronyms on first use and provide appropriate 
citations (e.g., "IRC").

(Russ Housley; former steering group member) (was Discuss) No Objection

No Objection ()

                            

(Stephen Farrell; former steering group member) No Objection

No Objection (2011-09-22)
I agree with the other discusses to date

(Stewart Bryant; former steering group member) No Objection

No Objection ()

                            

(Wesley Eddy; former steering group member) No Objection

No Objection ()