[registration-issues-wg] The Ten Worst Top Level Domains

Derek Smythe derek at aa419.org
Tue Mar 8 15:28:55 UTC 2016


Sivasubramanian

On 2016-03-08 01:39 PM, Sivasubramanian M wrote:
> John
> 
> This is not really a concern about the integrity of Spamhaus, but in
> general about the ability to challenge a wrong ranking. Credit Rating
> by the traditional banking sector, and Due Diligence by Agencies work
> in a certain way, the individual or business subjected to such
> evaluation and ranking are highly visible to the Agency that
> determines the ranking, but on the other hand, if their processes
> remain invisible and above reproach. 


Much like I can choose to block who ever from emailing me, so can you,
based upon whatever criteria you decide. Yes it does become more
problematic when the party is a Government.

Nobody forces the parties you mention to block email based upon the
SpamHaus listings. These operators of email services chose to do so
voluntarily. Let's just get that right. It's as simple as making a
concious decision to add the entry to the mail server configuration.
That decision can either be to block or simply add a tag "Spam" to the
header. SpamHaus is only a listing service of badness. How other
parties such as governments use it, is up to them. SpamHaus is only
the messenger.

To answer the processes issue you raise, processes are subject to
being subverted and abused in the anti-abuse space.


> Consider the case of an
> individual Internet user or a Registrar or an ISP who by error or by
> any erroneous logic gets wrongly listed as a spammer, by Spamhaus or
> by a gmail spam engine or by a government spam list, to what extent is
> the information that his address is on the spam list, and if wrong,
> what processes are available to challenge the wrong classification?

But then I can equally mention GMail and like who from time to time
block email for no known reason from non-GMail users using invalid
SMTP codes, considering how many netblock owners and other points of
contact are on their network. Despite aa419 never having sent a spam
or like from their resources, aa419.org is blocked regularly (all the
SPF DKIM etc in place). The irony is we receive more badness than we
send by a factor of much to none (= infinity) when it comes to GMail.
This became very topical during a DDoS attack when points of contact
were unreachable. Using an alternative resource resulted in "but how
do you know you are whom you say you are?".

Likewise your anti-virus vendor may list based badness upon their own
research, if they supply an email filter.

As for contacts for SpamHaus: They publish contact details. And yes,
they discourage frivolous communications. Managing a point of contact
for an anti-abuse group, I can testify why. But they do list processes
for challenges and removal.

Tbh, why are we discussing prevention of the badness, even seeing it
as problematic, and not the badness itself?

Derek Smythe
Artists Against 419
http://www.aa419.org


More information about the registration-issues-wg mailing list