nanog mailing list archives
RE: RBL-type BGP service for known rogue networks?
From: "Roeland M.J. Meyer" <rmeyer () mhsc com>
Date: Sat, 8 Jul 2000 21:24:28 -0700
Roland (first off, you're missing an 'e' <g>), I agree. MHSC lost an entire market plan, hosting third-party secure mail, becasue third-party mail services must allow relaying that is at minimum semi-open. At the time SMTP AUTH didn't exist (Until it's use becomes more wide-spread it still isn't real useful). The anti-relay bunch are killing a valid business model. Even for internal use, we have staff, on client-site, that need to send/recieve their mail from our servers, even when their lap-top is DHCP attached to another net-block. Every week we find ourselves having to open the relays more and more. Next week, I am travelling to the EU on business. That's yet more net-blocks that I have to allow relaying from. A single ORBS forged header, with the right source info in it, will pass right through our mail system, like it was greased. The whole anti-relay jihad is a fallacious rat-hole populated by rabid self-righteous rats who don't have a clue. If they don't need it then it must not be a valid feature <humph!>. ORBS itself should be RBL'd, IMHO. Using the same sort of mind-set to subjectively BL script-kiddee networks is dangerous, as the ORBS bunch has shown. It is all too easy for it to get out of hand, vigilante-style. What are the criteria and who has the over-sight? That said, having had a few of our production hosts "owned", by mwsh in the past, I am NOT fond of script-kiddies and agree that something needs to be done. But, I am seriously resistant to yet another ORBS style regulator bunch. That is NOT the answer. Please, let's all look for another solution. --- R O E L A N D M . J . M E Y E R CEO, Morgan Hill Software Company, Inc. Tel: (925)373-3954 Fax: (925)373-9781 http://staff.mhsc.com/rmeyer
rdobbins () netmore net: Saturday, July 08, 2000 11:03 AM ORBS forge headers (thereby violating the RFC) to look as if they're coming from domains you host, then if it goes through, they put you in their little black book for being an 'open relay'. No notice, nothing. The problem with this is that for hosting-only providers like my firm, it's blatantly unfair. We have thousands of users residing on networks (lots of
encourage them to use IMAP, it's like herding cats to get any substantial percentage doing anything other than basic POP and SMTP. POP-before-SMTP isn't viable for the same reason that it's
extremely
difficult to get people to use IMAP; to wit, users tend to resist change. In a corporate environment, you can force remote users to use additional authentication mechanisms, as long as you're willing to set them up and train the users. Out here in the world, though, if you come down on people over something which forces them to change the way they do things in any substantial way, they vote with their feet and go to some other provider who not only doesn't secure his mail relay, but ignores spam complaints, as well.
Current thread:
- Re: RBL-type BGP service for known rogue networks?, (continued)
- Re: RBL-type BGP service for known rogue networks? John Kristoff (Jul 07)
- RE: RBL-type BGP service for known rogue networks? rdobbins (Jul 07)
- RE: RBL-type BGP service for known rogue networks? rdobbins (Jul 08)
- RE: RBL-type BGP service for known rogue networks? Randy Bush (Jul 08)
- Re: RBL-type BGP service for known rogue networks? Shawn McMahon (Jul 08)
- RE: RBL-type BGP service for known rogue networks? Roeland M.J. Meyer (Jul 08)
- Re: RBL-type BGP service for known rogue networks? Peter van Dijk (Jul 08)
- Re: RBL-type BGP service for known rogue networks? Eric A. Hall (Jul 08)
- RE: RBL-type BGP service for known rogue networks? Sabri Berisha (Jul 08)
- RE: RBL-type BGP service for known rogue networks? Sabri Berisha (Jul 08)
- RE: RBL-type BGP service for known rogue networks? Roeland M.J. Meyer (Jul 08)
- Re: RBL-type BGP service for known rogue networks? Rodney Joffe (Jul 08)
- Re: RBL-type BGP service for known rogue networks? John Payne (Jul 09)
- Re: RBL-type BGP service for known rogue networks? Dana Hudes (Jul 08)
- RE: RBL-type BGP service for known rogue networks? Roeland M.J. Meyer (Jul 09)
- "top secret" security does require blocking SSH Greg A. Woods (Jul 09)
- Re: "top secret" security does require blocking SSH Alex Bligh (Jul 09)
- RE: "top secret" security does require blocking SSH Derrick (Jul 09)
- Re: "top secret" security does require blocking SSH Alex Bligh (Jul 09)
- RE: "top secret" security does require blocking SSH Roeland M.J. Meyer (Jul 09)
- RE: "top secret" security does require blocking SSH Christopher Palmer (Jul 10)
- RE: RBL-type BGP service for known rogue networks? Randy Bush (Jul 08)