Hallam-Baker, Phillip wrote:
[Omitted having ISPs putting policy tags in their rDNS TXT entries]
This might be interpreted as breaking the end to end religion, but
people are already doing that of their own accord. I would rather have ISPs
open port 25 outgoing and label the connection honestly as residential than
have them block the port entirely to stop attacks from anti-spam vigilantes.

Problem is that this solves _none_ of the things you want it to.
1) What's to prevent the DDOS attackers from DDOS'ing the DNS servers
serving up the ranges they're spamming from? I sense yet another
business opportunity for the DDOSers - "pay us to blow the brains out of
your ISP's DNS servers!"
2) This treats only one current aspect of the spamming issue. We don't
want to block residential IPs per se, we want to block spam[+]. Might
as well have ISPs TXT-label their appropriate blocks as "SPAM SOURCES".
3) How are you going to get the ISPs to provide "OPEN PROXY" TXTs? Have
them scan their own IP ranges? If they're doing that, they should shut
'em _off_ instead [+]
4) How does "labeling" a block as residential (or even dynamic) "stop
attacks from anti-spam vigilantes"? If I know enough to attack an ISP
for spams from "residential and/or dynamic", I'm _already_ blocking the
damn things, and I'm complaining about the insistent and repeat spam
attacks continuing to chew up our resources. While it may seem
otherwise, most spam blocking mechanisms "block first" and _only_ and
don't bother complaining.
[+] "residential blocking" only solves a small part of the _existing_
spam problem. Indeed, the traditional DHCP DNSBLs only block around 3%
of _all_ spam. Easynet's "residential blocking" (DYNABLOCK) only gets
it up to 10%, with a MUCH higher level of FPs. In contrast, some of
the well-targeted single-IP DNSBLs (CBL, the defunct UPL, SORBS
proxy/http etc) are achieving success rates nearing and in some cases
greatly exceeding 50%, with much lower FPs. There's no way in heck that
ISPs can replace that functionality. Even if they wanted to.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg