Lazy network operators - NOT

Paul_A_Vixie · April 18, 2004, 2:55pm

I suggested using something like HINFO in the in-addr.arpa address
zones for service providers to give similar information about IP
addresses. Yes, I know, using DNS for yet something else. LDAP or
RWHOIS or any other global mechanism could be used.

more uses for dns is actually a good thing in my opinion. but this isn't
one of the times when hierarchical autonomy is the best data model -- we
already know that the average broadband provider is not even aware of their
role in the overall spam problem, and does not have the budget to employ
anyone who could (a) become aware of an HINFO-like registry, (b) know what
category their netblocks belong in, (c) have the technical ability to update
the RFC1101-like info at the apex of the appropriate zones, and (d) get
approval from management/legal/marketing/sales to put this data in. so,
it's going to have to be an external entity like a RIR or DNSBLP who runs
a global "BBL" and externally categorizes these netblocks.

If you don't want to accept connections from indeterminate or
unauthenticated addresses, its your choice. If you are a porn vendor
and don't want K12 users to accidently stumble on to your web site,
its your choice. If you are a credit card vendor and don't want to
accept credit card orders from prisons or jails, its your choice.

yes, that's how it works, it's just that right now there's no way to know,
and the way-to-know that you proposed requires broadband gross margin not
in evidence (or expected to appear).

Iljitsch_van_Beijnum · April 18, 2004, 4:11pm

Maybe a stupid question... But if broadband providers aren't going to do this, and considering there are way less legitimate SMTP senders than broadband users, wouldn't it make more sense to whitelist known real SMTP sources rather than blacklist all addresses that potentially have a fake one?

This has the advantage that he solution stays in the hands of the people who are experiencing the problem: SMTP operators.

It would be important to make this a list of legitimate SMTP hosts only, and NOT a list of non-spammers, as the former can be determined through technical means (1) and the latter is open to endless debate. (As we can see with pretty much all existing blacklists.)

(1) I'm assuming spamworms won't be sporting an I-can't-believe-this-isn't-a-real-MTA any time soon.

Rik_van_Riel · April 28, 2004, 5:41pm

However, spamtrap-driven blocklists can use such a list
to be less aggressive in listing said SMTP hosts. In fact,
I've been planning to create such a list myself, in order
to reduce the false positive rate of the PSBL.

Guess I'll have to let NANOG know when it's up and running.

I am planning to use some of the DSBL server side software
to implement such a "white"list here, with the extra that
admins can specify the preferred abuse address for the IP
addresses they add to the list.

3 years ago, I'd have never thought that mail servers
would be a minority of the SMTP senders out there, but
here we are ...

Rik