On 10 Aug 2015, at 04:57 , Roman Mamedov rm@romanrm.net wrote:
On Mon, 10 Aug 2015 06:39:45 +1200 Carlin Bingham cb@viennan.net wrote:
Try MX Toolbox's blacklist check[0], it searches over 90 blacklists and you'll find at the very least you're on one of the Tor-specific lists.
Yeah on precisely one:
DAN TOR This DNS blacklist contains ALL tor nodes (both entry and exit nodes) - The tor nodelist is updated every hour automatically from the live tor network. There is no complaint procedure to have an IP address removed from this list as it will be automatically removed once the tor node ceases to run (with a maximum of 1 hour delay). More information about DAN TOR can be found at their website: https://www.dan.me.uk/dnsbl
So not "several", and not a "this IP is a source of spam" list, that one is not even a blacklist per se, and those using it as one are incompetent and wrong. In fact I would also categorize the person "so helpfully running it" as such, since there is no reason whatsoever to track non-exit relays in any kind of a publicly offered "black"list, unless you just want to inflict harm onto the relay operators and get them unfairly blocked from various services.
I just asked the operator of the "DAN TOR" blocklists to make it easier for people to use the exit-only blocklist, and link to the relevant Tor FAQs so they can make an informed decision.
I'll let you know if he responds.
Begin forwarded message:
From: teor teor2345@gmail.com Subject: Tor Blocklist Confusion Date: 10 August 2015 13:42:26 AEST To: me@dan.me.uk
Hi Dan,
It appears that a number of website operators are using the .tor.dan.me.uk blocklist to block website access from the entire Tor network. It appears that they are doing this by mistake, because they are confusing the .tor.dan.me.uk and .torexit.dan.me.uk blocklists (or don't know which one to choose).
Could you make some changes to the blocklist page to avoid this happening in future?
[I have personally experienced the Apple Support Forums and various other sites blocking non-exit relay IPs. Other Tor relay operators complain about this regularly on the tor-relays mailing list. (One operator even questions why the full Tor network blocklist exists in the first place.) See the thread https://lists.torproject.org/pipermail/tor-relays/2015-August/007595.html ]
If you are willing, the following changes could make it easier for website operators to choose the appropriate list:
Place the .torexit.dan.me.uk blocklist at the top of the page, above the .tor.dan.me.uk blocklist.
Explain that by blocking Tor exits, you will block normal people who use Tor to protect their privacy https://www.torproject.org/about/torusers.html.en
Provide a link to the Tor Project's FAQ about blocking Tor nodes at https://www.torproject.org/docs/faq-abuse.html.en#Bans
Explain that using the .tor.dan.me.uk blocklist will block Tor nodes that don't allow outbound connections (non-Exit nodes), and that there is typically no reason to do this, and direct users to the .torexit.dan.me.uk blocklist instead. (The current "think carefully" doesn't provide enough information for people to make an informed decision, particularly if they aren't familiar with Tor.)
Link to the Tor Project FAQ on Exit Policies at https://www.torproject.org/docs/faq.html.en#ExitPolicies
(A more radical change could be to rename or remove the .tor.dan.me.uk blocklist. This would help avoid confusion and misuse, but would break current setups - so I can't imagine this being an option for you.)
Thank you for considering my request
Tim (teor)
Tim Wilson-Brown (teor)
teor2345 at gmail dot com pgp ABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7