nanog mailing list archives

Re: Arrogant RBL list maintainers


From: William Herrin <herrin-nanog () dirtside com>
Date: Wed, 16 Dec 2009 08:16:23 -0500

On Wed, Dec 16, 2009 at 7:06 AM, Mike Lieman <mikelieman () gmail com> wrote:
> Wouldn't SPF (RFC 4408) tell people more about where the real mailservers
> are than some half-baked idea of trying to enforce what hostnames should
> look like?
>
> What's the word for 'mail server' in Lower Sorbian, and does your algorithm
> properly detect it in a hostname?  See the problem here?

Mike,

If you really want to know, download the spamassassin code and start
reading. You'll find both the answers to how names are checked and
rankings of empirical effectiveness.


On Wed, Dec 16, 2009 at 7:15 AM, Rich Kulawiec <rsk () gsp org> wrote:
> This is nonsense.  RDNS/DNS naming choices are a trivial obstacle to
> spammers et al. who went over this speed bump at 70 MPH years ago and
> have been accelerating ever since.  This kind of security-by-obscurity
> tactic is far more likely to draw their attention than evade it, as any
> site using it has in effect run up a large flag with "we don't understand
> security basics" written on it and thus made itself an attractive target.

Rich,

This depends on the spammer and his methodology. A significant
fraction of spam, perhaps the majority, originates from hijacked user
PCs. For this subset of spam sources, adjusting the RDNS is an
insurmountable obstacle.

There's no magic bullet for stopping spam but there are a lot of
heuristics which eliminate a useful fraction. Using the RDNS to make
an educated guess about whether a particular machine's owners intend
it to operate as a mail server is such a heuristic.


If you must whine about antispam techniques, whine about something
important.  Filtering by IP address in a bazillion private block and
permit lists makes it very hard for large legitimate mailing list
operators to renumber when changing ISPs. The new IP address isn't on
any of the permit lists yet and it may be on block lists as a result
of its prior user. This pushes list operators towards PI, BGP and
consuming expensive real estate in your routers for a protocol which
is otherwise relatively trivial to renumber.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
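
The RDNS heuristic discussed in this message, sketched as an added example that is not part of the original post and is not SpamAssassin's rule set. It flags PTR names that look like generic address-pool names instead of searching for a "mail" keyword, so it does not depend on the hostname's language; the token list, function names and sample hostnames are assumptions constructed for illustration.

```python
import ipaddress
import re

# Tokens often seen in end-user address pools (constructed list, an assumption).
GENERIC_TOKENS = {"dyn", "dynamic", "dsl", "adsl", "cable", "dhcp", "pool", "ppp", "dialup"}

def embeds_ip(ptr, ip):
    """True if the PTR name encodes the IPv4 address in decimal or hex."""
    octets = ip.split(".")
    host = ptr.lower()
    # Decimal runs in the name, with zero padding removed (e.g. 002 -> 2).
    nums = [n.lstrip("0") or "0" for n in re.findall(r"\d+", host)]
    for order in (octets, octets[::-1]):          # forward or reversed octet order
        for i in range(len(nums) - 3):
            if nums[i:i + 4] == order:
                return True
    return "".join(f"{int(o):02x}" for o in octets) in host   # e.g. c0000211

def classify_ptr(ip, ptr):
    """Return (verdict, reasons) for a connecting IP and its PTR name (None if absent)."""
    ip = str(ipaddress.IPv4Address(ip))            # raises ValueError on bad input
    if not ptr:
        return "suspect", ["no PTR record"]
    reasons = []
    if embeds_ip(ptr, ip):
        reasons.append("PTR embeds the IP address")
    # Split into labels and sub-labels, drop digits so "adsl12" matches "adsl".
    parts = {re.sub(r"\d+", "", p) for p in re.split(r"[.\-_]", ptr.lower())}
    hits = sorted(GENERIC_TOKENS & parts)
    if hits:
        reasons.append("generic tokens: " + ",".join(hits))
    return ("generic" if reasons else "plausible-server"), reasons

# Constructed samples using documentation address ranges and example domains.
SAMPLES = [
    ("192.0.2.17", "pool-192-0-2-17.dyn.example.net"),
    ("192.0.2.17", "17.2.0.192.cable.example.net"),
    ("192.0.2.17", "c0000211.example.net"),
    ("198.51.100.25", "zeus.example.org"),   # no "mail" keyword, still not flagged
    ("198.51.100.26", None),
]

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        print(ip, ptr, *classify_ptr(ip, ptr))
```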

