[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"

To: Anti-Spam Research Group - IRTF <asrg at ietf.org>
Subject: Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"
From: Steve Atkins <steve at blighty.com>
Date: Fri, 4 Apr 2008 14:36:56 -0700
Delivered-to: ietfarch-asrg-web-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
In-reply-to: <47F5907F.8080908 at nortel.com>
List-archive: <http://www.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <20080403190130.1D15032CE5 at radish.jmason.org> <47F5907F.8080908 at nortel.com>
Reply-to: Anti-Spam Research Group - IRTF <asrg at ietf.org>
Sender: asrg-bounces at ietf.org

On Apr 3, 2008, at 7:20 PM, Chris Lewis wrote:
> Justin Mason wrote:
>> SM writes:
>>> At 09:45 03-04-2008, Chris Lewis wrote:
>>>> That's two votes for a 127.0.0.2 (as 2.0.0.127.<queryroot>)  
>>>> testpoint,
>>>> and one for a variety of wierd domain named ones, none of which is
>>>> example.com.  In the latter (SURBL), they say that Justin Mason
>>>> suggested _not_ using "example.com" (eg: example.com.sc.surbl.org)
>>>>
>>>> For my own curiousity, I'll ask why Justin said example.com was  
>>>> bad.
>>> These lists are used to detect URIs appearing in the message
>>> body.  example.com is a domain reserved for examples and can  
>>> appear in ham.
>>
>> Exactly.
>
> I feel so ... dumb ;-)  127.0.0.2 will have similar problems.  The  
> thing
> to choose would preferably be something that's not resolveable, and is
> unlikely to ever be used in a real link.  SURBL has something like
> "this-is-not-likely-to-ever-appear.<queryroot>".  Perhaps the BCP  
> should
>  simply give suggestions on how to invent a test string rather than
> mandating a specific one.  Or punt.

It's the eicar problem.

I think there needs to be a standard test string that can be used for  
liveness
testing. It doesn't need to be a syntactically correct domain, though  
if it
were that would make it easy to use for testing of an entire filtering  
system
as well as life-testing of a blacklist. It does need to be common across
blacklists, though, so that it can be hard-coded in software - so that  
URI
based filters can be given new private or public lists to use, without  
the
software developer needing to be aware of them, and can still do  
liveness
checks, to ensure that dead lists aren't queried.

I'd suggest

   "always-listed.standard-email-filtering-test-domain.com"

The latter leaves the possibility of using things like this ...

   url-in-body.standard-email-filtering-test-domain.com
   from-address.standard-email-filtering-test-domain.com
   helo-string.standard-email-filtering-test-domain.com

... to use as standard test patterns for particular sorts of domain  
based
lists that can be used to test whether an entire filtering system is  
working
correctly. (This would be in addition to list-specific test strings that
allow users to craft domains that will hit SURBL, but not URIBL and
so on, not in place of them).

Cheers,
   Steve

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"
  - From: Matt Sergeant

References:
- Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"
  - From: Justin Mason
- Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"
  - From: Chris Lewis

Prev by Date: Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"
Next by Date: Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"
Previous by thread: Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"
Next by thread: Re: [Asrg] Round 2 of the DNSBL BCP - "collateral damage"
Index(es):
- Date
- Thread