[142305] in North American Network Operators' Group
Re: Address Assignment Question
daemon@ATHENA.MIT.EDU (Jérôme Nicolle)
Mon Jun 20 21:29:13 2011
In-Reply-To: <BA5D534B-2E9B-4036-A7E2-CF72E405FAE5@dotat.at>
From: Jérôme Nicolle <jerome@ceriz.fr>
Date: Tue, 21 Jun 2011 03:27:54 +0200
To: Tony Finch <dot@dotat.at>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
2011/6/21 Tony Finch <dot@dotat.at>:
> Spamhaus. And none of your complaints apply to them.
Oh really? So the blame is to be thrown at Google Docs administrators for
being blacklisted (on the SBL, which should contain only "verified
spam source", thus implying discussion with the service manager)? And
BTW, who is Spamhaus to claim any legitimacy about who can or can't
register a domain? (referral to the .at phishing campaign).
Alright, those are probably exceptions, and _some_ lists may be
useful, but obviously no one can claim to have an efficient "zero
false-positive" list. Blindly relying on those lists _will_ lead to
false positives and is a commodity for mail server administrators that
might lead to sloppy filtering and weaker control over their mail
infrastructure.
Also, such lists are _centralized_ systems that *might* (worst case
scenario) be spotted for attacks. What would be your mail
infrastructure load if you rely on a list that disappears overnight?
Yeah, right, anycasted DNS infrastructure, redundancy over 4
continents, that's fine for most of us ('til it fails).
In my opinion, the use of RBLs as a first level filter for incoming
mail, instead of greylisting, rDNS and strict protocol compliance
(cluttered with some Exchange bug-compatibility perhaps), is less
reliable, so it's against what I shall consider as a best practice.
I hope that clarifies my point of view, and please excuse me for the
previous insults, I just have a hard time reading "hey, my critical
services are dependent on an external, centralized entity with no
transparency and that's good for the Internet" without compulsive
expressions including F. words.
--
Jérôme Nicolle