nanog mailing list archives
Re: BCP38 making it work, solving problems
From: "Edward B. Dreger" <eddy+public+spam () noc everquick net>
Date: Mon, 11 Oct 2004 18:12:45 +0000 (GMT)
RB> Date: Sun, 10 Oct 2004 20:14:01 -0700
RB> From: Randy Bush

RB> when it solves critical problems, it'll grow more quickly.

Maybe.

* Use 25/TCP for SMTP and 587/TCP for submission
* Block outbound SMTP by default, but allow for the clueful
* Run SMTP authentication
* Let each authenticated user have whitelisted sender addresses that they can use
* Limit whitelist size
* Add a delay and/or rate limit to whitelist additions.

Not perfect, and certainly subject to social engineering and possible automated attack on the whitelist mechanism, but it should decrease the number of cable/DSL pipes filled with forged mail transmissions.

This isn't the first time I've suggested it, and I'm sure others have, too. Not once have I received a response to the extent of "I'd love to implement this if it existed". People are worried about OPNs, not their own networks. IMNSHO, worrying about N-1 ASNs scales far more poorly than worrying about one ASN.

Of course, note the parallel to BCP38; I'm sure someone will be quick to point out that, unless adopted universally, forged mail will still exist. Enter SPF as a bandaid on the receiving side, and rehash that discussion. Combine with BMF, DNSBLs, and one is well on the way to much cleaner mail.

Has anyone on NANOG ever solved a jigsaw puzzle with 500+ pieces? Or are "age 2 to 4" puzzles too difficult, as even they tend to have around ten pieces per puzzle?

Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses:
davidc () brics com -*- jfconmaapaq () intc net -*- sam () everquick net
Sending mail to spambait addresses is a great way to get blocked.
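The sender-whitelist policy proposed in the message above, sketched as an added example; it is not code from the original post or from any existing MTA. The class name, the three limits, the user name and the addresses are all assumptions chosen for illustration.

```python
import time
from collections import defaultdict

MAX_SENDERS = 5          # assumed cap on whitelist size
ACTIVATION_DELAY = 3600  # assumed seconds before a new address becomes usable
MIN_ADD_INTERVAL = 600   # assumed minimum seconds between accepted additions


class SenderWhitelist:
    """Per-authenticated-user envelope senders allowed on the 587/TCP submission port."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._entries = defaultdict(dict)  # user -> {address: usable_from_time}
        self._last_add = {}                # user -> time of last accepted addition

    def add(self, user, address):
        """Request a new sender address; returns (accepted, reason)."""
        now = self._clock()
        address = address.strip().lower()  # simplification: whole address case-folded
        entries = self._entries[user]
        if address in entries:
            return True, "already listed"
        if len(entries) >= MAX_SENDERS:
            return False, "whitelist full"
        if now - self._last_add.get(user, float("-inf")) < MIN_ADD_INTERVAL:
            return False, "additions rate limited"
        entries[address] = now + ACTIVATION_DELAY
        self._last_add[user] = now
        return True, "pending activation"

    def may_send(self, user, mail_from):
        """Decide whether an authenticated user may use this MAIL FROM."""
        if user is None:
            return False  # no SMTP AUTH, no submission
        usable_from = self._entries.get(user, {}).get(mail_from.strip().lower())
        return usable_from is not None and self._clock() >= usable_from


def demo():
    """Constructed session with a fake clock and hypothetical user and addresses."""
    t = [0.0]
    wl = SenderWhitelist(clock=lambda: t[0])
    results = [wl.add("alice", "alice@example.net")]
    results.append(wl.may_send("alice", "alice@example.net"))  # still in delay window
    results.append(wl.add("alice", "ceo@example.org"))         # second add too soon
    t[0] += ACTIVATION_DELAY
    results.append(wl.may_send("alice", "Alice@Example.net"))  # delay has elapsed
    results.append(wl.may_send("alice", "ceo@example.org"))    # never whitelisted
    return results
```

The delay and the addition rate limit are what slow down an automated attack on the whitelist mechanism from a compromised account: a freshly added forged sender cannot be used immediately, and additions cannot be cycled quickly.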