North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: marking dynamic ranges, was fixing insecure email infrastructure
- From: Markus Stumpf
- Date: Tue Jan 25 12:59:22 2005
- Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=testkey; d=space.net; b=powkPPL2qHJUnJSLsQl8eDu+RIdgLfpKMC+1vZDSr3qDW4ejrXAYg4T4O9IO7FyO ;
On Tue, Jan 25, 2005 at 12:22:33PM -0500, Valdis.Kletnieks@vt.edu wrote:
> Which would mean that if Suresh insisted on revDNS, he'd end up blocking
> only 2 hosts, but 40% of his legitimate mail would be dropped on the floor.
Correct. But neither MTAMARK nor I suggest blocking based on non
existant revDNS. The idea of MTAMARK is to add information to revDNS to
give the sending host either a better reputation or signal "do not accept
mail from that host". For the deployment of such information it makes a
difference if 40% of the hosts don't have revDNS or only 4%. With 4%
it may be worth the trouble convincing some admins and adding some local
whitelisting rules, with 40% you probably don't need to try starting at
> I'd *hope* that knowingly dropping 40% of the *legitimate* mail on the floor
> would be considered a CLM. But these days some providers seem to think
> "all of Europe" is a reasonable filter.....
Isn't this free market economy? They want to isolate themselves, it's
their decision. And IMHO "all of Europe" is more fair than "all of Europe
but not the five biggest ISPs".
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"