nanog mailing list archives

Re: RBL-type BGP service for known rogue networks?


From: woods () weird com (Greg A. Woods)
Date: Sun, 9 Jul 2000 22:30:56 -0400 (EDT)


[ On Sunday, July 9, 2000 at 20:51:23 (-0400), Shawn McMahon wrote: ]
Subject: Re: RBL-type BGP service for known rogue networks?

> Unfortunately, it allows for contradictions in this discussion.

No, it doesn't, at least not so long as everyone understands the
differences in different policy requirements.

I happen to have several separate and distinct policy requirements for
my SMTP server(s):

        - don't ever accept e-mail from any known open relay or any
          network block which has known open relays but won't allow
          finer testing.

        - don't ever accept e-mail from any known dial-up address.

        - don't ever accept e-mail from any known spammer.

        - don't ever allow a remote SMTP server to forge its hostname.

        - don't ever allow the sender address domain to be invalid.

> At least one pro-ORBS person has stated that individuals should make direct
> SMTP connections instead of using their provider's server, and they could thus
> avoid being subject to ORBS testing of their provider.
>
> Oh, but sorry; if I do that, I can't send Greg A. Woods email, because his system
> doesn't recognize the value in my system having the name "oa.eiv.com" all the
> time, instead of me hacking together sed scripts to change my sendmail config
> to read something like "user1432.fl.sprint-hsd.net" every time I get a new
> dynamic IP.

You've confused my policy requirements.  Please see above.

> If I switch to using my provider's SMTP server, now I have a security issue
> because it's going through a server I don't control and which could conceivably
> screw up and get itself ORBS-listed at any moment, completely outside my control.

Use PGP and encrypt your e-mail if you want security and control.

Either that or buy yourself a real Internet connection with a static
address and run your own *real* SMTP server.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>
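
The five separate policy requirements listed in the message above, sketched as one acceptance check that reports which of them a session violates. This is an added example, not part of the original post: the DNSBL zone names, the constructed DNS records, and the use of a forward lookup of the HELO name as the forgery test are all assumptions.

```python
import ipaddress

# Hypothetical DNSBL zones, one per listing-based policy in the message.
ZONES = {
    "open relay": "relays.dnsbl.example",
    "dial-up address": "dialups.dnsbl.example",
    "known spammer": "spammers.dnsbl.example",
}

# Constructed DNS records (documentation addresses) standing in for a resolver.
RECORDS = {
    ("A", "7.2.0.192.relays.dnsbl.example"): ["127.0.0.2"],
    ("A", "9.100.51.198.dialups.dnsbl.example"): ["127.0.0.3"],
    ("A", "mail.good.example"): ["203.0.113.5"],
    ("A", "mail.relay.example"): ["192.0.2.7"],
    ("MX", "good.example"): ["mail.good.example"],
    ("MX", "relay.example"): ["mail.relay.example"],
}

def lookup(rtype, name):
    """Return the constructed records for (type, name); an empty list means no data."""
    return RECORDS.get((rtype, name.lower().rstrip(".")), [])

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def policy_violations(client_ip, helo_name, mail_from, resolve=lookup):
    """Return the policy requirements this SMTP session violates, in check order."""
    reasons = []
    # Each listing policy is independent, so a host can fail one and pass the others.
    for label, zone in ZONES.items():
        if resolve("A", dnsbl_query_name(client_ip, zone)):
            reasons.append(label)
    # Assumed forgery test: the HELO name must resolve to the connecting address.
    if client_ip not in resolve("A", helo_name):
        reasons.append("forged hostname")
    # The sender domain counts as valid only if it has an MX or A record.
    _local, at, domain = mail_from.rpartition("@")
    if not at or not (resolve("MX", domain) or resolve("A", domain)):
        reasons.append("invalid sender domain")
    return reasons
```

Returning every violated requirement, rather than stopping at the first, keeps the policies distinct in the rejection log, which is the distinction the message draws.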


