Schneier: ISPs should bear security burden

[In the message entitled "Re: Schneier: ISPs should bear security burden" on May 1, 12:25, "Jay R. Ashworth" writes:]

Ok, so here's a question for you, Dave:

do you have a procedure for entertaining requests to be excluded from
your replies from people with legitimate needs to operate MTAs, who
have been given (let us say) static addresses by their providers which
fall within a range you understand to be dialup?

(I'm assuming you include cable and DSL end-user address pools; this is
the sort of thing I'm asking about.)

Of course, Jay.

First off, static addresses don't belong on the DUL (unless the ISP
chooses to list them).

Second, any address can be removed by the ISP (even if it is a /32 in
the middle of an otherwise all dynamic /16). End-users are directed
to have their ISP contact us, as we *do not* take the end-user's word
for it.

A quick note to dul@mail-abuse.com will get it handled.


  Actually I think there are multiple classes in DUL.

  1. unfiltered addresses, dynamic
  2. unfiltered addresses, static
  3. ISP-filtered addresses, dynamic
  4. ISP-filtered addresses, static

  Most people using DUL for blocking want to detect the
  unfiltered addresses. Filtered address space poses no more
  risk than any space not on the DUL and may in fact pose less
  risk, as you know that it requires a deliberate act by the ISP
  to allow outgoing SMTP connections.

  What's needed is two lists: one for the unfiltered and a
  second for the filtered addresses. The second one can be
  used as a white list for those who insist on using name-patterns
  to block addresses.

  We already have evidence in this thread of one person using DUL
  as a white list.

  By continuing to lump filtered and unfiltered addresses together
  you are throwing out the baby with the bath water.

  I don't see the need to distinguish between static and dynamic
  addresses. All address space can be classed as static or dynamic
  depending upon the time frame the address use is measured over.

  Mark

Mark_Andrews@isc.org (Mark Andrews) writes:

  By continuing to lump filtered and unfiltered addresses together
  you are throwing out the baby with the bath water.

the smtp protocol was designed in a time when ~Mbit/sec connections did not
yet exist, and ~10Kbit/sec connections cost many thousands of dollars per
month, and were used only by people who could prove membership in an
established meatspace trust fabric ("i have a gov't research contract")
and whose hosts cost hundreds of thousands, or millions, of dollars, each
having dedicated technical staff.

expecting the same protocol to be used when ~Mbit/sec connections are held
by hundreds of millions of uneducated users with hundred-dollar hosts is
absurd. but in spite of enhancements like EHLO and AUTH, most internet
e-mail is sent with the same level of authentication/confidence as before.
the natural market outcome is to throw a lot of babies out with bathwater.

see http://www.isc.org/personalcolo/ for the longer version of this rant,
and just know that i reject ~many spams a day by refusing all mail from
SBC's DSL blocks, with ~few false positives. that's SBC, alone.

if you want different bathwater, it is available. there are still
high-rent neighborhoods with high default expectations of the quality of
traffic emanating from same. live in one, or at least rent a mailbox in
one. asking people to accept e-mail from DSL networks is absurd, since
they would have to act against their own best interests, and they ~know it.