nanog mailing list archives
Re: Arrogant RBL list maintainers
From: William Herrin <herrin-nanog () dirtside com>
Date: Wed, 16 Dec 2009 08:16:23 -0500
On Wed, Dec 16, 2009 at 7:06 AM, Mike Lieman <mikelieman () gmail com> wrote:
> Wouldn't SPF (RFC 4408) tell people more about where the real mailservers are than some half-baked idea of trying to enforce what hostnames should look like? What's the word for 'mail server' in Lower Sorbian, and does your algorithm properly detect it in a hostname? See the problem here?

Mike,

If you really want to know, download the spamassassin code and start reading. You'll find both the answers to how names are checked and rankings of empirical effectiveness.

On Wed, Dec 16, 2009 at 7:15 AM, Rich Kulawiec <rsk () gsp org> wrote:
> This is nonsense. RDNS/DNS naming choices are a trivial obstacle to spammers et al. who went over this speed bump at 70 MPH years ago and have been accelerating ever since. This kind of security-by-obscurity tactic is far more likely to draw their attention than evade it, as any site using it has in effect run up a large flag with "we don't understand security basics" written on it and thus made itself an attractive target.

Rich,

This depends on the spammer and his methodology. A significant fraction of spam, perhaps the majority, originates from hijacked user PCs. For this subset of spam sources, adjusting the RDNS is an insurmountable obstacle.

There's no magic bullet for stopping spam but there are a lot of heuristics which eliminate a useful fraction. Using the RDNS to make an educated guess about whether a particular machine's owners intend it to operate as a mail server is such a heuristic.

If you must whine about antispam techniques, whine about something important. Filtering by IP address in a bazillion private block and permit lists makes it very hard for large legitimate mailing list operators to renumber when changing ISPs. The new IP address isn't on any of the permit lists yet and it may be on block lists as a result of its prior user. This pushes list operators towards PI, BGP and consuming expensive real estate in your routers for a protocol which is otherwise relatively trivial to renumber.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin () dirtside com bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
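
Added example (not part of the message above and not SpamAssassin's code): one way a receiving mail server could apply the rDNS heuristic discussed in this thread, treating it as one score among several rather than a hard block. The keyword lists, weights, function names and sample hostnames are constructed assumptions; the PTR name is passed in so the code runs without DNS access.

```python
import ipaddress
import re

# Constructed keyword lists and weights (assumptions, not any product's rule set).
GENERIC_TOKENS = {"dyn", "dynamic", "dhcp", "pool", "dsl", "adsl", "cable", "ppp", "dialup", "cpe"}
MAIL_TOKENS = {"mail", "mx", "smtp", "relay", "mta"}
WEIGHTS = {"no-rdns": 2.5, "generic-enduser": 2.0, "unknown": 0.0, "mail-like": -0.5}

def _ip_forms(ip):
    """Ways an IPv4 address is commonly embedded in an auto-generated PTR name."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # also validates the input
    forms = set()
    for sep in ("-", "."):
        forms.add(sep.join(octets))
        forms.add(sep.join(reversed(octets)))
    forms.add("".join(f"{int(o):03d}" for o in octets))  # zero-padded, e.g. 198051100007
    return forms

def classify(ip, ptr):
    """Guess from the PTR name whether the owner intends the host to send mail."""
    if not ptr:
        return "no-rdns"
    name = ptr.lower().rstrip(".")
    labels = name.split(".")
    # Approximation: treat the last two labels as the registered domain and
    # only look for keywords in the host part to the left of it.
    tokens = set(re.findall(r"[a-z]+", ".".join(labels[:-2])))
    embedded_ip = any(form in name for form in _ip_forms(ip))
    if embedded_ip or tokens & GENERIC_TOKENS:
        return "generic-enduser"
    if tokens & MAIL_TOKENS:
        return "mail-like"
    # No recognised keyword in any language: stay neutral instead of
    # penalising, which is the objection raised about non-English names.
    return "unknown"

def rdns_score(ip, ptr):
    """Spam-score contribution; meant to be summed with other heuristics."""
    return WEIGHTS[classify(ip, ptr)]

if __name__ == "__main__":
    samples = [  # constructed, using documentation address ranges
        ("198.51.100.7", "198-51-100-7.dsl.example.net"),
        ("203.0.113.25", "mail1.example.org"),
        ("192.0.2.10", "gw.example.org"),
        ("192.0.2.44", None),
    ]
    for ip, ptr in samples:
        print(ip, ptr, classify(ip, ptr), rdns_score(ip, ptr))
```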