[82072] in North American Network Operators' Group
Re: E-Mail authentication fight looming: Microsoft pushing Sender ID
daemon@ATHENA.MIT.EDU (trainier@kalsec.com)
Fri Jul 8 15:44:30 2005
In-Reply-To: <20050706192326.GA20218@gsp.org>
To: nanog@merit.edu
From: trainier@kalsec.com
Date: Wed, 6 Jul 2005 15:49:08 -0400
Errors-To: owner-nanog@merit.edu
This is a multipart message in MIME format.
--=_alternative 006D642F85257036_=
Content-Type: text/plain; charset="US-ASCII"
> As we've seen over and over again, the one and only technique that has
> ever worked (and that I think ever *will* work) is the boycott --
> whether enforced via the use of DNSBLs or RHSBLs or local blacklists or
> firewalls or whatever mechanism. It works for a simple reason: it makes
> the spam problem the problem of the originator(s), not the recipient(s).
> It forces them to either fix their broken operation (any network which
> persisently emits or supports spam/abuse is broken) or find themselves
> running an intranet.
>
I agree that the "boycott" approach is effective. It does not, however,
completely resolve
the issue that is SPAM. First and foremost, it does not make the spam a
problem of the
originator at all times. The issue is directly illustrated with smtp
servers
that are RFC ignorant and don't notify the sender that an error occurred.
Sure, there's
not too much work involved, I'm asked about a message that was supposed to
be delivered,
nope it wasn't, must be an issue on your end. It still requires me to
look into the
problem. The second issue with boycotting, is the false positives. And
dhcp makes
this a nightmare issue because some blacklists are retarded about how long
entries
are left in the list.
Quite honestly, I think a good blacklist lookup and some sane bogon
filters is
relatively effective. Just be careful about what blacklist sites you use.
Some blacklist sites require you to pay them to have entries removed. You
can gurantee
a lot of false positives arise from using sites like these.
Or simply build your own. Rich is correct. The design and technology has
been in
place for at least a couple of decades. It does work, for the most part.
Tim
--=_alternative 006D642F85257036_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2><tt><br>
> As we've seen over and over again, the one and only technique that
has<br>
> ever worked (and that I think ever *will* work) is the boycott --<br>
> whether enforced via the use of DNSBLs or RHSBLs or local blacklists
or<br>
> firewalls or whatever mechanism. It works for a simple reason:
it makes<br>
> the spam problem the problem of the originator(s), not the recipient(s).<br>
> It forces them to either fix their broken operation (any network which<br>
> persisently emits or supports spam/abuse is broken) or find themselves<br>
> running an intranet.<br>
> <br>
</tt></font>
<br><font size=2><tt>I agree that the "boycott" approach is effective.
It does not, however, completely resolve</tt></font>
<br><font size=2><tt>the issue that is SPAM. First and foremost,
it does not make the spam a problem of the</tt></font>
<br><font size=2><tt>originator at all times. The issue is directly
illustrated with smtp servers</tt></font>
<br><font size=2><tt>that are RFC ignorant and don't notify the sender
that an error occurred. Sure, there's</tt></font>
<br><font size=2><tt>not too much work involved, I'm asked about a message
that was supposed to be delivered,</tt></font>
<br><font size=2><tt>nope it wasn't, must be an issue on your end. It
still requires me to look into the</tt></font>
<br><font size=2><tt>problem. The second issue with boycotting, is
the false positives. And dhcp makes</tt></font>
<br><font size=2><tt>this a nightmare issue because some blacklists are
retarded about how long entries</tt></font>
<br><font size=2><tt>are left in the list.</tt></font>
<br>
<br><font size=2><tt>Quite honestly, I think a good blacklist lookup and
some sane bogon filters is</tt></font>
<br><font size=2><tt>relatively effective. Just be careful about
what blacklist sites you use.<br>
<br>
Some blacklist sites require you to pay them to have entries removed. You
can gurantee</tt></font>
<br><font size=2><tt>a lot of false positives arise from using sites like
these.<br>
<br>
Or simply build your own. Rich is correct. The design and technology
has been in</tt></font>
<br><font size=2><tt>place for at least a couple of decades. It does
work, for the most part.</tt></font>
<br>
<br><font size=2><tt>Tim<br>
</tt></font>
--=_alternative 006D642F85257036_=--
