nanog mailing list archives
Re: marking dynamic ranges, was fixing insecure email infrastructure
From: Markus Stumpf <maex-lists-nanog () Space Net>
Date: Tue, 25 Jan 2005 18:58:16 +0100
On Tue, Jan 25, 2005 at 12:22:33PM -0500, Valdis.Kletnieks () vt edu wrote:
Which would mean that if Suresh insisted on revDNS, he'd end up blocking only 2 hosts, but 40% of his legitimate mail would be dropped on the floor.
Correct. But neither MTAMARK nor I suggest blocking based on non existant revDNS. The idea of MTAMARK is to add information to revDNS to give the sending host either a better reputation or signal "do not accept mail from that host". For the deployment of such information it makes a difference if 40% of the hosts don't have revDNS or only 4%. With 4% it may be worth the trouble convincing some admins and adding some local whitelisting rules, with 40% you probably don't need to try starting at all.
I'd *hope* that knowingly dropping 40% of the *legitimate* mail on the floor would be considered a CLM. But these days some providers seem to think "all of Europe" is a reasonable filter.....
Isn't this free market economy? They want to isolate themselves, it's their decision. And IMHO "all of Europe" is more fair than "all of Europe but not the five biggest ISPs". \Maex -- SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299 "The security, stability and reliability of a computer system is reciprocally proportional to the amount of vacuity between the ears of the admin"
Current thread:
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet), (continued)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Dave Crocker (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Valdis . Kletnieks (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Suresh Ramasubramanian (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Steven Champeon (Jan 12)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet) Andre Oppermann (Jan 13)
- Re: marking dynamic ranges, was fixing insecure email infrastructure John Levine (Jan 13)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 24)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Suresh Ramasubramanian (Jan 24)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Valdis . Kletnieks (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure J.D. Falk (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Valdis . Kletnieks (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Markus Stumpf (Jan 25)
- Re: marking dynamic ranges, was fixing insecure email infrastructure Suresh Ramasubramanian (Jan 25)
- Message not available
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Mark Andrews (Jan 13)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Owen DeLong (Jan 13)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] william(at)elan.net (Jan 13)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Suresh Ramasubramanian (Jan 13)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Todd Vierling (Jan 14)
- Re: fixing insecure email infrastructure (was: Re: [eweek article] Mark Andrews (Jan 14)