From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org]
On Behalf Of Daniel
Sent: Thursday, February 12, 2004 7:50 AM
To: Jose Marcio Martins da Cruz
Cc: Eugene Crosser; Yakov Shafranovich; ASRG
Subject: Re: [Asrg] 2. Improving Blacklists and Reputation Services
On Thu, 12 Feb 2004, Jose Marcio Martins da Cruz wrote:
Eugene Crosser wrote:
On Wed, 2004-02-11 at 20:02, Jose Marcio Martins da Cruz wrote:
This may indicate that many spam is sent by a distributed system of
workers, and not by open relays.
If this is the case, and if this kind of way continues - the tendance
will be to have more and more IP addresses to be inserted on
But if we agree that great majority of spam comes from zombies, why
should we continue to use blacklists.
We use blacklists and we have one DNS server serving rbl requests.
named process in this machines eats almost 900 MBytes of memory. Sure,
memory is cheap, disk is cheap, bandwidth is cheap - but ther's a
limit if blacklists are less efficient than other methods.
Or maybe I'm wrong.
Can you explicate further? I would have thought that zombies were
an ideal target for an RBL. They produce only spam, so there is no
problem of blocking legitimate mail and their owners do not complain
about the listing.
AFAIK blacklists work on blocking "subnets" worth of IP's so one zombie can
windup blocking an entire domain, of if say you are in a web-hosting farm
possibly a group of domains. I think this has been done for two reasons:
1) much simpler and economic to maintain such a list.
2) more incentive for a "legit" ISP / WebHost provider to "clean house".
Of course if the IP address dynamically assigned, there is the remote
possibility that the next user will have legitimate mail, but this writer
at least believes they should forward that to an MTA with a static
address. It would be helpfull in defusing some of this controversy
I think you are mostly right, about the sending mta I think in the end that
the entity that has the address block and ASN number related to it has to be
in a position of some responsibility for what traffic they allow across
their network. While this topic can get very nasty and ugly (eg p2p
fileshare) in the area of email I personally feel it's very clear that
allowing random IP's to act as servers of email services is a problem.
How to fix it is coming into focus as we all work on the problem.
As for "Of course if the IP address dynamically assigned, there is the
remote possibility that the next user will have legitimate mail"
Well that's a very dynamic problem, rather like computing odds on a winning
lotto # which will vary over time based on ticket purchases and other
if sendmail had a "dynamic IP" option which caused it to use the smarthost
if and only if the direct route was blocked. It is quite possible that
many of these users wouldn't notice the difference, and only care because
it bit them unexpectedly.
As to memory usage of BIND, by the time every possible IP address needs to
be in the RBL, memory will be cheap enough to make this possible.
Asrg mailing list
Asrg mailing list