OT: Regarding running RBL's inhouse
Glenn Steen
glenn.steen at GMAIL.COM
Thu Nov 10 12:43:50 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
On 10/11/05, Anders Andersson, IT <anders.andersson at ltkalmar.se> wrote:
> > On 09/11/05, Anders Andersson, IT
> > <anders.andersson at ltkalmar.se> wrote:
> > > Hi
> > > There has been a little desussion between me and other mail admins,
> > > working in same line of bussiness running a shared
> > RBL-server. Since
> > > the heaalthcare business here have rules and regulations
> > its sometimes
> > > hard to use external RBL's that we can't controll.
> >
> > Really? Assuming you don't have any other rules than the ones
> > governing any Swedish government works/institutions, you
> > should be fine... at least using them for scoring and
> > probably even for flat-out rejections. STAKO has a nice
> > publication on the legal aspects of this for public institutions ...
> > http://www.statskontoret.se/upload/Publikationer/2005/200505.pdf ...
> > Perhaps worth reading for you too?
> >
> > --
> > -- Glenn
> Ive read it and its more or less on those grounds we been discussing.
> Nothing been desided but since we all get hammered from time to time and
> since we would all do our part it might be plausable solution :)
Yes, of course! As they stress time and time again, the policy (as
derived from applicable laws) is largely up to each institution... So
defining ones own measure (RBL in this case) might be correct for one
institution, but not another.
Since the laws aren't specifically written with spam in mind (well,
perhaps with the snail-mail variant, but not with email carried
dittos:-), there is some room for interpretation...
As I (and thankfully my organization) sees it, it is quite OK to use
RBLs as long as we don't delete, but rather store, so that a
designated handler (person) can review them...
Means that someone has to glance through the quarantine (but not
necessarily the actual mails... compare with throwing away a ...
promotional ... catalog without checking inside it for a margin
note/messages from a citizen to the government) in MW once/week (I
keep my quarantine for 93 days, to be on the safe side;), but no one
else need even look.
And one could even use the law governing public archives as such that
one could delete as a "preemptive culling"... although this is more
... murky waters.
>
> There is still the problem finding out good workflows and how to handle
> it from different systems. Maybe a honeypot on each of our different
> domains harvesting emails.
>
>
> /Anders
>
Oh yes, by all means... Or perhaps just "harvest each others
quarantines"... Would be rather funky to have some official "public
sector owned" Swedish RBLs. Not sure the PHB would see it like that
though:-).
And there is the problem of each "participating" government agency
having to ... sync .. their spam handling policies. Perhaps not
doable.
This RBL _should_ be handled/operated/funded by Sitic (Swedish
IT-incident center: http://www.sitic.se/), but I rather doubt they'd
agree:-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list