[74674] in North American Network Operators' Group


Re: BCP38 making it work, solving problems

daemon@ATHENA.MIT.EDU (Edward B. Dreger)
Mon Oct 11 14:13:16 2004

Date: Mon, 11 Oct 2004 18:12:45 +0000 (GMT)
From: "Edward B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@nanog.org
In-Reply-To: <16745.64121.277359.143790@ran.psg.com>
Errors-To: owner-nanog-outgoing@merit.edu


RB> Date: Sun, 10 Oct 2004 20:14:01 -0700
RB> From: Randy Bush

RB> when it solves critical problems, it'll grow more quickly.

Maybe.

* Use 25/TCP for SMTP and 587/TCP for submission
* Block outbound SMTP by default, but allow for the clueful
* Run SMTP authentication
* Let each authenticated user have whitelisted sender addresses
  that they can use
* Limit whitelist size
* Add a delay and/or rate limit to whitelist additions.

Not perfect, and certainly subject to social engineering and
possible automated attack on the whitelist mechanism, but it
should decrease the number of cable/DSL pipes filled with forged
mail transmissions.

This isn't the first time I've suggested it, and I'm sure others
have, too.  Not once have I received a response to the extent of
"I'd love to implement this if it existed".  People are worried
about OPNs, not their own networks.  IMNSHO, worrying about N-1
ASNs scales far more poorly than worrying about one ASN.

Of course, note the parallel to BCP38; I'm sure someone will be
quick to point out that, unless adopted universally, forged mail
will still exist.  Enter SPF as a bandaid on the receiving side,
and rehash that discussion.  Combine with BMF, DNSBLs, and one is
well on the way to much cleaner mail.

Has anyone on NANOG ever solved a jigsaw puzzle with 500+ pieces?
Or are "age 2 to 4" puzzles too difficult, as even they tend to
have around ten pieces per puzzle?


Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses:
davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net
Sending mail to spambait addresses is a great way to get blocked.
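The policy sketched in the bullet list above, as an added example in Python (not code from the post or its author): a per-authenticated-user whitelist of usable sender addresses with a size cap and a rate limit on additions, plus the default block of outbound 25/TCP with an exception list for the clueful. The limit values, window length and host names are assumptions.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SenderPolicy:
    """Per-user list of sender addresses an authenticated user may use as
    MAIL FROM. Limits are assumed values, not from the original post."""
    max_entries: int = 5            # cap on whitelist size per user
    max_adds: int = 2               # additions allowed per window
    window_seconds: float = 86400.0 # rate-limit window for additions
    _whitelists: dict = field(default_factory=dict)
    _add_times: dict = field(default_factory=dict)

    def add_sender(self, user: str, address: str, now: float) -> bool:
        """Whitelist an address for `user`; False when the list is full or
        the user has exceeded the add rate. Re-adding is a no-op."""
        addr = address.strip().lower()
        wl = self._whitelists.setdefault(user, set())
        if addr in wl:
            return True
        if len(wl) >= self.max_entries:
            return False  # whitelist size limit reached
        times = self._add_times.setdefault(user, deque())
        while times and now - times[0] >= self.window_seconds:
            times.popleft()  # drop additions outside the window
        if len(times) >= self.max_adds:
            return False  # rate limit on whitelist additions
        wl.add(addr)
        times.append(now)
        return True

    def may_send(self, user, mail_from: str) -> bool:
        """Submission-time check: only authenticated users, and only with a
        sender address they have whitelisted."""
        if user is None:
            return False  # no SMTP AUTH, no relaying
        return mail_from.strip().lower() in self._whitelists.get(user, set())


def outbound_smtp_allowed(src_host: str, dst_port: int, clueful: set) -> bool:
    """Edge filter: outbound 25/TCP is blocked by default except for hosts on
    the `clueful` list; 587/TCP (submission) stays open for everyone."""
    if dst_port != 25:
        return True
    return src_host in clueful
```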