Feel free to speak up with specific issues on specific DNSBLs and let's
see if we can get the issues resolved.
On 2/17/2014 3:10 PM, Greg Troxel wrote:
"Kevin A. McGrail" <kmcgr...@pccc.com> writes:
1st, I would say to look at
http://wiki.apache.org/spamassassin/DnsBlocklistsInclusionPolicy and
see what changes you are recommending globally.
What's missing is the requirement to effectively address situations,
which involves
publically-posted contact address (with an SA norm that the address is
in the rule output)
The URL for the website at
http://wiki.apache.org/spamassassin/DnsBlocklists is likely as far as I
would vote to require. Many lists have their own requirements, forms,
etc. and that is fine.
initial response to complaints, at least by the next business day,
preferably with an incident number or similar
I think this is a bit over the top. What about the volunteer organizations?
delisting the offender, or otherwise fixing the problem so that it
doesn't recur (if customer's system had been broken into, and is
fixed, that's ok, as an example)
If you don't like the list, you always have the option to turn it off.
Without specifics, I can't envision changes to a broad reaching policy
that took months to develop.
This is all sort of implied by 'no intent to profit by non-objective
treatment' and 'must have clear procedures for listing and de-listing',
but it's obviously not adequately implied, because whitelists that don't
resolve issues have in the past remained in the ruleset.
Please be specific. What DNSBL are we discussing and what issue?
Generalities don't help because as you can see, I believe we've covered
the general spirit of what you want in the policy.
2nd, then what specific DNSBL are you having an issue with right now
that you are asking to be escalated?
Right now, I'm not having an issue (partly because I haven't had cycles
to pay attention and complain about individual spam mails, I suspect).
I have had issues with several places in the past, but they are far
enough back that I don't want to drag them into this discussion. I
spoke up because the original poster seemed to be having a situation
that matched by experience:
get spammed by a whitelisted IP address
send a complaint to the address of record for that DB
time passes, and IP address is not removed from the DB
point out the problem in public, calling for removal of that whitelist
perhaps have the issue finally addressed
In my opinion; this isn't an ok pattern - if a pay-to-list whitelist
doesn't handle problems on receiving a simple complaint, it shouldn't be
allowed in thd default ruleset. I don't mean to suggest that we require
100% happiness, but it has been clear when I posted specific complaints
in the past that my experience was more typical than exceptional.
Agreed. It isn't an ok pattern but without specifics brought to our
attention to enforce the existing policy, this is very difficult to handle.
I therefore encourage you to bring up these issues publicly for
discussion when they do happen. Many of the DNSBL operators that work
with SpamAssassin have been very open to discussion, changes, etc. based
on list content. And at worst, our project needs to know about it to
consider disabling an DNSBL by default.
But right now, I've got very little to go on.
Regards,
KAM
