[81233] in North American Network Operators' Group
Re: Verizon is easily fooled by spamming zombies
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Jun 1 14:11:36 2005
To: Gadi Evron <ge@linuxbox.org>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>, nanog@nanog.org
In-Reply-To: Your message of "Wed, 01 Jun 2005 20:51:17 +0400."
<429DE785.6080405@linuxbox.org>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 01 Jun 2005 14:02:24 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1117648944_3453P
Content-Type: text/plain; charset=us-ascii
On Wed, 01 Jun 2005 20:51:17 +0400, Gadi Evron said:
> > If the ISP wants to use SMTP AUTH or other mechanisms to lower abuse,
> > that's fine. But to say "only allow ISP.net from addresses - but allow
> > them from anywhere on the 'Net" is kinda ... silly.
>
> No, it makes perfect sense but that is the one thing I fear we'll have
> to agree to disagree on.
Nope, Patrick is right on this one. The ruleset that appears to be in effect
is:
"Anything from anywhere, even if it's from a hijacked box in Korea, can forward
through our server as long as it has a 'totallybusticated@ISP.net' From: on it,
but if one of our own customers tries to send through the server with a From:
that says 'customer@vanity.domain' they can't even if they pass an SMTP AUTH
check and prove they're ISP.net's customer..."
And that's borked and wrong.
> > The solution presented here is not only not a solution, it is also a
> > problem.
>
> Okay, then I suppose I don't understand the problem. How exactly do you
> mean?
See above - would you consider forwarding mail from outside ISP.net space
without an SMTP AUTH check just because it claims to be 'From @ISP.net'?
--==_Exmh_1117648944_3453P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFCnfgwcC3lWbTT17ARAh50AKDoS/hLc1V63Ul8qsY2aaPEcsFIVgCg4yvR
zxLUM4TO7IWKCBYPUxQWKg0=
=Ei+y
-----END PGP SIGNATURE-----
--==_Exmh_1117648944_3453P--
