On Sun, 13 Aug 2006, David Cary Hart wrote:

> > > b) have an RBL which returns different values for different
> > > confidence levels.
> >
> > 127.0.0.1 ... 127.0.0.100 perhaps? How would a rule to score points
> > based on the returned IP look?
>
> I actually considered doing this. However:
>
> 1. Maintenance is problematic.
>
> 2. Creating a consistent policy for listing and removal is
> nearly impossible. Ultimately, the whole thing becomes very
> arbitrary.

Not necessarily. Registrars' Terms of Service should be publicly available for review; standards for ToS treatment of spammer behavior should be fairly easy to develop and apply. Registrars' responsiveness to complaints should be fairly easy to track as well, and standards for that should also be possible.

Meta-question: *how much* responsibility for the domain-owner's behavior does the registrar actually or reasonably bear? What form does that responsibility take?

There might even be a consideration of how complete and accurate the registrar's whois data is. A factor might be the registrar having lots of obviously-bogus domain registration data that they are unwilling to pursue correcting with the domain owners. Having correct domain owner contact information is, after all, one of the responsibilities of a legitimate registrar (modulo privacy issues - but if it's visible it should be correct!).

> 3. It requires data that is unavailable. Unless one considers the
> total of domains registered or served then the signal:noise becomes
> incalculable.

True. However there are other factors (as noted above) that can be used as a basis for a judgement that doesn't rely on knowing those bits of data. Remember, this rates the *registrar*, not the domains.

> I would also note that there is no standardization of whois data.

Also true, but for this the only whois data we need is the name of the domain's registrar. We don't need to deal with the myriad of different ways the registrars can present (or obscure) the actual registration data.

> 4. If you compare this to our PRC or Korea lists, a user can
> evaluate whether or not they receive any valid email from those
> countries and score accordingly.

Agreed. The spam-friendliness of the registrar should only be a component of the spam/ham decision, not the entire decision.

> 5. I believe that our "quarantine" policy provides a real incentive
> for administrators to lock down their servers. Yet that knowingly
> creates a certain amount of ham. However there is a consistent and
> pragmatic methodology associated with delisting.

"delisting" in this case would involve the registrar responding promptly and effectively to complaints about the domains registered with them, and having a ToS agreement that is not friendly to spam behavior, and enforcing accurate domain ownership data.

--
 John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 The fetters imposed on liberty at home have ever been forged out of
 the weapons provided for defense against real, pretended, or
 imaginary dangers from abroad. -- James Madison, 1799
-----------------------------------------------------------------------