Re: Lazy network operators - NOT

[Iljitsch van Beijnum <iljitsch () muada com>]

On 18-apr-04, at 16:55, Paul Vixie wrote:

> we already know that the average broadband provider is not even aware 
> of their
> role in the overall spam problem, and does not have the budget to 
> employ
> anyone who could (a) become aware of an HINFO-like registry, (b) know 
> what
> category their netblocks belong in, (c) have the technical ability to 
> update
> the RFC1101-like info at the apex of the appropriate zones, and (d) get
> approval from management/legal/marketing/sales to put this data in.  
> so,
> it's going to have to be an external entity like a RIR or DNSBLP who 
> runs
> a global "BBL" and externally categorizes these netblocks.

Maybe a stupid question... But if broadband providers aren't going to 
do this, and considering there are way less legitimate SMTP senders 
than broadband users, wouldn't it make more sense to whitelist known 
real SMTP sources rather than blacklist all addresses that potentially 
have a fake one?

This has the advantage that he solution stays in the hands of the 
people who are experiencing the problem: SMTP operators.

It would be important to make this a list of legitimate SMTP hosts 
only, and NOT a list of non-spammers, as the former can be determined 
through technical means (1) and the latter is open to endless debate. 
(As we can see with pretty much all existing blacklists.)

(1) I'm assuming spamworms won't be sporting an 
I-can't-believe-this-isn't-a-real-MTA any time soon.