[170368] in North American Network Operators' Group
RE: why IPv6 isn't ready for prime time, SMTP edition
daemon@ATHENA.MIT.EDU (Naslund, Steve)
Wed Mar 26 18:11:20 2014
From: "Naslund, Steve" <SNaslund@medline.com>
To: MailPlus| David Hofstee <david@mailplus.nl>, Jimmy Hess
<mysidia@gmail.com>, "nanog@nanog.org" <nanog@nanog.org>
Date: Wed, 26 Mar 2014 22:10:49 +0000
In-Reply-To: <78C35D6C1A82D243B830523B4193CF5F75AE91A3DB@SBS1.blinker.local>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>>>Would it make it more unique; if I suggested creation of a new distribu=
ted Cryptocurrency something like 'MAILCoin' to track the memberships in=
the club and handle voting out of abusive mail servers: in a distributed
>>>manner, to ensure that no court could ever mandate that a certain IP
>>>address be accepted into the club?
>>>Not necessarily. But I haven't yet heard of any meaningful attempt to
>>>implement something like that. Obviously with IPv4; way too many
>>>"legacy" mail servers exist that will never bother to implement new
>>>protocols and practice improvements ---- even basic things, such as S=
MTP
>>>rejecting invalid recipients instead of sending unsolicited bounce repli=
es to senders (forged by spammers).
How about something much simpler? We already are aware of bandwidth caps a=
t service providers, there could just as well be email caps. How hard wou=
ld it be to ask your customer how many emails we should expect them to send=
in a day? We don't need to be precise about it, just within an order of m=
agnitude. For example, I could say that a residential user should not be o=
ver 750 a day and for a commercial user you could find out their projection=
and add to it to allow a reasonable headroom. Now, the service provider i=
s protecting us from pwned systems within their network. If I get a reside=
ntial customer asking for 100,000 emails per day I just might have some que=
stions for them. It also seems that it would be easy for the service provi=
der to send an alert to the customer telling them that they have hit their =
cap and make it easy for them to lift the cap if the traffic is actually le=
gitimate. If they are lifting their cap too often you could investigate or=
run their outbound email through some type of filtering solution to see ho=
w it scores.
Now, the providers that implement that system could be allowed to send me e=
mail and the ones that don't can't send me email. If this was adopted wide=
ly, it would put a lot of pressure on the service provider to get on-board.=
In that case your filters do not need to be that granular. This is not a=
spam proof solution but would cut down on the very high volume abusers. I=
t also helps deal with the service providers that condone that sort of stuf=
f and will punish them because you are going to lose customers fast if emai=
l from that provider is generally not accepted.
Maybe if we start scoring against the originating service provider, instead=
of address blocks and stop accepting email from them, they might do someth=
ing about the high volume offenders.
Steven Naslund
Chicago IL
