[c-nsp] SMTP

Alexander Clouter alex at digriz.org.uk
Mon Mar 15 12:53:12 EDT 2010


Hi,

* Drew Weaver <drew.weaver at thenap.com> [2010-03-15 12:18:01-0400]:
>
> Entities such as Senderbase and UCEPROTECT don't even use WHOIS 
> information so that point is irrelevant.
>
...entities such as ISPs and mail server administrators do maintain 
their own lists too so I think stating the point is irrelevant is a tad 
OTT. :)

In the case of Senderbase/UCEPROTECT, I got the impression it is the 
postmaster's 'crime and punishment' for using those lists in a boolean 
"OK" or "REJECT" fashion; much like those fools that want to 
outright trust spamcop?  That is putting aside the question of 'quality' 
in regards to those lists.

> Most people nowadays don't report SPAM to abuse@ addresses because 
> they're either lazy or assume nobody is listening.
>
Well I personally still enjoy the warm feeling of my 10% "disconnected 
for AUP violation" success rate.  I do understand where you are coming 
from though on this.

I will admit, I do not wear the postmaster hat, but as a packet pusher I 
do use route blackholing for the unsavoury parts of the Internet[1].  
Without detailed WHOIS, abuse@ or PTR information I have no way in which 
to *whitelist* blackholed regions...once whitelisted on my LAN I can 
work with the blacklist maintainer to get them delisted.

Those people who choose not to have detailed PTR/WHOIS records should 
not expect people like me, who silently work on your behalf, to get them
whitelisted.

> We're getting into a 'list first, don't ask questions later' scenario 
> which is very frustrating for service providers.
>
Which then calls for an alternative strategy...

What I find frustrating is that service providers are not willing to 
pro-actively monitor their network for egress 'filth'.  I personally 
cannot believe that the RBN actually do have 6500+ IP ranges that they 
lurk on...I pro-actively whitelist and feed that information back to the 
maintainers.

What is stopping service providers having a bunch of perl scripts that 
daily check when IPs they are responsible for get listed?  It should be 
simply an extension of their NMS platform.  Once you have detailed 
WHOIS/PTR records you at least have something to point out to the 
postmasters, and the blacklist maintainers, to say "hey next time do 
*your* jobs properly". :)

Hell, Turknet should be sending me some bottles of Raki for getting one 
of their /16's turned into a handful of /32 listings. :)

</rant>

Cheers

[1] http://www.digriz.org.uk/route-blackholing

-- 
Alexander Clouter
.sigmonster says: Unix soit qui mal y pense
                  	[Unix to him who evil thinks?]
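
The daily listing check suggested in the message above, sketched in Python rather than Perl as an added example (not code from the poster or the list). It uses the standard DNSBL lookup convention: reversed octets under the list's zone, with an answer in 127.0.0.0/8 meaning "listed". The zone dnsbl.example, the function names and the 192.0.2.0/29 sample data are assumptions.

```python
import ipaddress
import socket

# Hypothetical DNSBL zone (assumption); substitute the zones of the lists you monitor.
ZONES = ["dnsbl.example"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers fall here

def query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A records for name; [] when the lookup fails (NXDOMAIN = not listed).
    Note: transient DNS failures also land here, so a production check should retry."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_prefixes(prefixes, zones=ZONES, resolve=system_resolver):
    """Return {ip: {zone: [return codes]}} for every listed address in the prefixes."""
    listed = {}
    for prefix in prefixes:
        for ip in ipaddress.ip_network(prefix):
            for zone in zones:
                # Ignore answers outside 127.0.0.0/8: a resolver that rewrites
                # NXDOMAIN to a landing page would otherwise mark everything listed.
                codes = [a for a in resolve(query_name(ip, zone))
                         if ipaddress.ip_address(a) in LISTED_RANGE]
                if codes:
                    listed.setdefault(str(ip), {})[zone] = codes
    return listed

def new_listings(today, yesterday):
    """Addresses listed today but not in yesterday's result: the ones to alert on."""
    return sorted(set(today) - set(yesterday), key=ipaddress.ip_address)

if __name__ == "__main__":
    # Constructed sample: a fake resolver stands in for live DNS so this runs offline.
    fake = {"5.2.0.192.dnsbl.example": ["127.0.0.2"]}
    result = check_prefixes(["192.0.2.0/29"], resolve=lambda n: fake.get(n, []))
    print(result, new_listings(result, {}))
```

Run daily from the NMS with the previous day's result stored, and alert only on what new_listings() returns.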

