[130504] in North American Network Operators' Group
Re: do you use SPF TXT RRs? (RFC4408)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Oct 4 17:29:20 2010
To: Suresh Ramasubramanian <ops.lists@gmail.com>
In-Reply-To: Your message of "Mon, 04 Oct 2010 17:05:12 EDT."
<AANLkTimS2j-DBL4=AXNZ4qZjMYs6FZvxk9Go_CJFVWYw@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 04 Oct 2010 17:28:11 -0400
Cc: "nanog@nanog.org list" <nanog@nanog.org>,
Greg Whynott <Greg.Whynott@oicr.on.ca>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, 04 Oct 2010 17:05:12 EDT, Suresh Ramasubramanian said:
> dig throwaway1.com NS
> dig throwaway2.com NS
>
> etc etc ... and then check_sender_ns_access in postfix, for example.

Yes, that *is* better than whack-a-mole on the same DNS server, but...
The NANOG lurker in the next cubicle used to do that. Turned out the
bang-for-buck wasn't as good as we hoped - it doesn't take too many
false-positive errors blocking 20,000 domains hosted on the same DNS server as
one spammer before the collateral damage becomes too painful. Our cost of
dealing with a false positive is a lot higher than a false negative, especially
once you factor in goodwill - people don't like spam, but a false positive on
something they consider important causes more ire than 10x as many false
negatives.

That, and when our block list hit 150K entries or so, its size caused *other*
issues with various things that were never designed for block lists quite that
big...
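
An added example, not part of the original message or of Postfix: a way to weigh the collateral damage described above before putting a nameserver into a check_sender_ns_access table. The sample traffic, the `.example` hostnames, the function names and the use of 10:1 as the false-positive cost weight are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of observed mail, one row per sender domain:
# (sender domain, its NS hosts, messages judged spam, messages judged legitimate)
OBSERVED = [
    ("throwaway1.example", ("ns1.spamdns.example",), 400, 0),
    ("throwaway2.example", ("ns1.spamdns.example",), 350, 0),
    ("throwaway3.example", ("ns1.sharedhost.example",), 300, 0),
    ("smallbiz.example", ("ns1.sharedhost.example",), 0, 25),
    ("clinic.example", ("ns1.sharedhost.example",), 0, 40),
]

FP_COST = 10.0  # assumed weight: one blocked legitimate message costs as much as 10 missed spams
FN_COST = 1.0


def ns_impact(observed):
    """Aggregate, per nameserver, every domain and message an NS block would hit."""
    impact = defaultdict(lambda: {"domains": set(), "spam": 0, "ham": 0})
    for domain, ns_hosts, spam, ham in observed:
        for ns in set(ns_hosts):  # de-duplicate so a repeated NS is counted once
            entry = impact[ns.lower().rstrip(".")]
            entry["domains"].add(domain)
            entry["spam"] += spam
            entry["ham"] += ham
    return impact


def should_block(entry, fp_cost=FP_COST, fn_cost=FN_COST):
    """Block only if the spam stopped outweighs the weighted legitimate mail lost."""
    return entry["spam"] * fn_cost > entry["ham"] * fp_cost


def access_table(observed, fp_cost=FP_COST, fn_cost=FN_COST):
    """Return access(5)-style lines for the nameservers that pass the cost test."""
    return [
        f"{ns}\tREJECT"
        for ns, entry in sorted(ns_impact(observed).items())
        if should_block(entry, fp_cost, fn_cost)
    ]


if __name__ == "__main__":
    for ns, entry in sorted(ns_impact(OBSERVED).items()):
        verdict = "block" if should_block(entry) else "leave alone"
        print(f"{ns}: {len(entry['domains'])} domains, "
              f"{entry['spam']} spam, {entry['ham']} legitimate -> {verdict}")
    print("\n".join(access_table(OBSERVED)))
```

With equal costs the shared-hosting nameserver would be listed; at the 10:1 weight the legitimate mail from its other customers keeps it off the table.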