Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] letit2 [.] bit blacklist

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] letit2 [.] bit blacklist


Chronological Thread 
  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] letit2 [.] bit blacklist
  • Date: Tue, 05 Sep 2017 14:04:37 -0600
  • Authentication-results: mx5.sourpuss.net; dmarc=none header.from=sourpuss.net
  • Dmarc-filter: OpenDMARC Filter v1.3.0 mx5.sourpuss.net 5FDD62D6EE

That's not quite it... The folks at spamhaus are submitting their data directly into our blacklist using the API.  I set up categories on the entries so this allows us to sort the blacklist info based on who submitted it.  Basically the whole process is automated so nobody has to keep entering data.

There's still a lot to do in this whole process.  I need to add flags to the servers page to make it obvious when blacklisting is used.  I need to add the option to mark exactly which blacklists are being used by a server.  And I need to add options for blacklists to the geoip API page so that users can search for that.  In addition, there of course needs to be new wiki pages talking about the process.

Since there haven't been any objections, I think I will go ahead and change the code to allow the viewing of blacklists without authentication.  I do agree the information should be open, and it would make it a lot easier for other people's web pages to display the information.

On 09/02/2017 06:57 AM, Wil wrote:
I might be a little bite late on this. But just wanted to bring my 2 cents. 

If I did understand right, SpamHaus sends the domains to blacklist to one or more admins, whose then update the list for the API.
When a user come to choose a DNS server, he can see in the details, if servers do or do not use a blacklist.

If I was this user, my first question would be, why and what’s in this list.
I guess that you don't stumble by chance on OpenNic. And maybe trust is the first think that I’ve in mind. Obscurancy doesn’t play well with trust and I wouldn’t like to search for 1 hour to understand the whole thing (even if I might be wrong on this).

Maybe a single page which explain everything, which also mention an up-to-date list wouldn’t heart.

I trully understand your concern about the way malware developpers could use an open list. But to be honest, I think it would be quite easy to test for example, every 5 min, if there domains are blacklist or not.
Beside, all OpenNic users should « pay » for a bunch of those guys.

I’m not a developper, but if I can do anything to put online a page that explain everything (on the wiki ?), I’m be glad to help.

Take care,
Wil.
Moment léger au hasard :  « Faites attention, la statistique est toujours la troisième forme du mensonge. » Jacques Chirac



--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org




Archive powered by MHonArc 2.6.19.

Top of Page