nanog mailing list archives
Re: why IPv6 isn't ready for prime time, SMTP edition
From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 26 Mar 2014 08:36:10 -0400
On Tue, Mar 25, 2014 at 11:35:57PM -0000, John Levine wrote:
It has nothing to do with looking down on "subscribers" and everything to do with practicality. When 99,9% of mail sent directly from consumer IP ranges is botnet spam, and I think that's a reasonable estimate, [...]
Data point: it's an extremely reasonable estimate. If anything, though, it's an underestimate: the actual rate has several more 9's in it. And if the sending host (a) has generic rDNS and/or (b) fingerprints as Windows, then it approaches 100% so closely as to not be worth arguing about. There is no point in performing any checks other than these on SMTP connections from such hosts. There is no reason to permit the conversation to continue to the DATA stage and to scrutinize the message contents. These actions are both wasteful and superfluous. The only correct action to take at this point is to issue an SMTP reject and end the conversation. It's a pity that this is true. But a decade-plus after the botnet problem became well-known, I can't name an ISP which has developed and deployed an effective mitigation strategy against them. So far it's been band-aids (blocking port 25) and PR (press conferences and initiatives and task forces etc.). ("botnet takedowns" are meaningless fluff and merely fodder for self-congratulatory press conferences. All those systems in the botnet are still compromised. All those systems are still vulnerable to the same attack vectors that resulted in their initial compromise. And quite likely before the ink is dry on the accompanying press release, other botnet operations will harvest them for use in their own operations. Meet the new boss, same as the old boss.) ---rsk
Current thread:
- Re: why IPv6 isn't ready for prime time, SMTP edition, (continued)
- Re: why IPv6 isn't ready for prime time, SMTP edition Brielle Bruns (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Rob McEwen (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Valdis . Kletnieks (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Laszlo Hanyecz (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Robert L Mathews (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Paul Ferguson (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Brielle Bruns (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Brielle Bruns (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Rob McEwen (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition John Levine (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Rich Kulawiec (Mar 26)
- RE: why IPv6 isn't ready for prime time, SMTP edition MailPlus| David Hofstee (Mar 26)
- Re: why IPv6 isn't ready for prime time, SMTP edition Mikael Abrahamsson (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Chip Marshall (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition John Levine (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Jimmy Hess (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition John R. Levine (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Valdis . Kletnieks (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Jimmy Hess (Mar 25)
- RE: why IPv6 isn't ready for prime time, SMTP edition MailPlus| David Hofstee (Mar 26)
- RE: why IPv6 isn't ready for prime time, SMTP edition Naslund, Steve (Mar 26)