[119604] in North American Network Operators' Group
Re: AT&T SMTP Admin contact?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Nov 24 18:18:20 2009
To: Brad Laue <brad@brad-x.com>
In-Reply-To: Your message of "Tue, 24 Nov 2009 16:38:33 EST."
<2AFB0EFD-0BFB-469A-AC46-4A3650C0F3CA@brad-x.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 24 Nov 2009 18:15:52 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, 24 Nov 2009 16:38:33 EST, Brad Laue said:
> True, but wouldn't a blacklist of SPF records for known spam issuing
> domains be a more maintainable list than an IP block whitelist?
>
> (I'm no doubt missing something very obvious with this question)

140M+ .com where a malicious DNS server in East Podunk can be authoritative for
a domain actually in Bratslavia and domains are cheap and throw-away.

16M /24's, where you (mostly(*)) need to be able to actually route the packets,
so if you have a /24 in Bratslavia, you need something resembling a router
in Bratslavia as well, and somebody willing to light up the other end of
the cable, and you need a way to make BGP announcements (legal or otherwise ;)
to be able to exploit it.

Choose wisely which you'd rather use for defense.

(*) Mostly - though the BGP hack demonstrated at last year's DefCon
did qualify as an Epic Win for kewl presentations. ;)