[29923] in North American Network Operators' Group
Re: RBL-type BGP service for known rogue networks?
daemon@ATHENA.MIT.EDU (Greg A. Woods)
Sun Jul 9 22:33:46 2000
From: woods@weird.com (Greg A. Woods)
To: Shawn McMahon <smcmahon@eiv.com>
Cc: nanog@merit.edu
In-Reply-To: <20000709205123.A22212@eiv.com>
Reply-To: woods@weird.com (Greg A. Woods)
Message-Id: <20000710023056.8E902E0@proven.weird.com>
Date: Sun, 9 Jul 2000 22:30:56 -0400 (EDT)
[ On Sunday, July 9, 2000 at 20:51:23 (-0400), Shawn McMahon wrote: ]
> Subject: Re: RBL-type BGP service for known rogue networks?
>
> Unfortunately, it allows for contradictions in this discussion.

No, it doesn't, at least not so long as everyone understands the
differences in different policy requirements.

I happen to have several separate and distinct policy requirements for
my SMTP server(s):

- don't ever accept e-mail from any known open relay or any
  network block which has known open relays but won't allow
  finer testing.
- don't ever accept e-mail from any known dial-up address.
- don't ever accept e-mail from any known spammer.
- don't ever allow a remote SMTP server to forge its hostname.
- don't ever allow the sender address domain to be invalid.

> At least one pro-ORBS person has stated that individuals should make direct
> SMTP connections instead of using their provider's server, and they could thus
> avoid being subject to ORBS testing of their provider.
>
> Oh, but sorry; if I do that, I can't send Greg A. Woods email, because his system
> doesn't recognize the value in my system having the name "oa.eiv.com" all the
> time, instead of me hacking together sed scripts to change my sendmail config
> to read something like "user1432.fl.sprint-hsd.net" every time I get a new
> dynamic IP.

You've confused my policy requirements. Please see above.

> If I switch to using my provider's SMTP server, now I have a security issue
> because it's going through a server I don't control and which could conceivably
> screw up and get itself ORBS-listed at any moment, completely outside my control.

Use PGP and encrypt your e-mail if you want security and control.
Either that or buy yourself a real Internet connection with a static
address and run your own *real* SMTP server.

--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
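
One way to express the five policy requirements listed in the message above as separate, ordered checks. This is an example added to this archive page, not Greg Woods's configuration or any mail server's own code. The DNSBL zone names, host names, the null-sender handling and the in-memory DNS table are assumptions, constructed so the example runs offline.

```python
import ipaddress

# Constructed DNS data (hypothetical zones and hosts) standing in for a resolver.
DNS = {
    ("A", "25.2.0.192.relays.dnsbl.example"): ["127.0.0.2"],       # listed open relay
    ("A", "77.100.51.198.dialups.dnsbl.example"): ["127.0.0.3"],   # listed dial-up pool
    ("A", "mail.good.example"): ["203.0.113.10"],
    ("MX", "good.example"): ["mail.good.example"],
}

ZONES = {  # one list per policy requirement, so each can be tuned separately
    "open relay": "relays.dnsbl.example",
    "dial-up address": "dialups.dnsbl.example",
    "known spammer": "spammers.dnsbl.example",
}

def lookup(rtype, name):
    return DNS.get((rtype, name.lower().rstrip(".")), [])

def dnsbl_name(ip, zone):
    # DNSBL convention: reverse the IPv4 octets and append the list's zone.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(client_ip, helo, mail_from):
    """Return (accept, reply) for one SMTP session, applying the five rules in order."""
    for label, zone in ZONES.items():
        if lookup("A", dnsbl_name(client_ip, zone)):
            return False, f"550 rejected: {label} ({zone})"
    # Forged hostname: the HELO name must resolve to the connecting address.
    if client_ip not in lookup("A", helo):
        return False, "550 rejected: HELO name does not match client address"
    # Invalid sender domain: need an MX or an A record. An empty reverse-path
    # (bounce) has no domain and is let through here, as an assumption.
    domain = mail_from.rpartition("@")[2]
    if mail_from and not (lookup("MX", domain) or lookup("A", domain)):
        return False, "550 rejected: sender domain does not resolve"
    return True, "250 ok"
```

Keeping each list in its own zone is what lets the requirements stay distinct: a host can fail the dial-up rule without being treated as an open relay or a spammer.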