Re: Lazy network operators - NOT

[Steven Champeon <schampeo () hesketh com>]

on Sun, Apr 18, 2004 at 04:33:18PM +0000, Paul Vixie wrote:
> > Maybe a stupid question... But if broadband providers aren't going to do
> > this, and considering there are way less legitimate SMTP senders than
> > broadband users, wouldn't it make more sense to whitelist known real SMTP
> > sources rather than blacklist all addresses that potentially have a fake
> > one?
>
> that's not a stupid question, and you're right that statistically it's better
> engineering to make a small list of good things than large lists of bad ones.
> IETF MARID, my own MAIL-FROM, somebody's SPF, yahoo's "domainkeys", and lots
> of other people are working on what amounts to "a whitelisting solution", and
> in a few more years you might actually see some results along those lines.

We've had to do that here, simply to keep our own local antispam efforts
from inadvertently blacklisting "legit" mail servers. So far, with
relatively meager traffic over a year, I have a list of ~1300 legit mail
servers I want to block but can't, due to their assumed legit-to-spam
mail ratios, and another list of ~13,000 from whom I no longer accept
null sender mail because they accept-then-bounce to forged senders.

I haven't tried to assemble a list of all legit mail servers, though, as
I've yet to see a definition of "legit" I can sit comfortably with. Some
days, the line is drawn here, and others, it's drawn there. So, instead,
I just keep track of those I'd like to block but can't, for whatever
reason; those I block selectively; I whitelist a few more, and suffer.

Steve

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
Buy "Cascading Style Sheets: Separating Content from Presentation, 2/e" today!
http://www.amazon.com/exec/obidos/ASIN/159059231X/heskecominc-20/ref=nosim/