ietf-asrg

Re: [Fwd: [Asrg] Re: Documents for LMAP BOF]

2004-02-17 09:01:57


On Tue, 17 Feb 2004, Alan DeKok wrote:

> A week ago, Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
> > What I find problematic is that there is an existing identity in email -
> > IP addresses. If blacklists are made to be more feature rich, possibly
> > becoming reputation services, that might help. So I am not sure why
> > going to domain identity or sender identity makes a difference.
>
>   IP addresses are short-lived, and machines at an IP are being
> hijacked to send spam.  You can't have a blacklist if one IP sends 10
> spam in 5 minutes, and then disappears for a week.


But what is the harm in leaving the IP address in the database? If
tomorrow it isn't a spammer, it is still a dynamic IP address, and I don't
want mail from that address, do I? And tomorrow its new address goes on
the list. 

The difficult decisions in refusing mail come from IP addresses that send
both spam and legitimate mail, such as major ISP mail servers. A dynamic
IP address will hardly ever be the source of legitimate mail, so it isn't
a hard decision. 

Furthermore, an individual operating an MTA on a dynamic address doesn't
have much ability to pressure you to accept his mail. He is clearly
capable of using mailertable to divert mail to you through his ISP, or he
wouldn't be able to install Sendmail in the first place. And if he brings
up confidentiality concerns, you can decide for yourself if they are
relevant. 

I am aware that many people feel that RBLs can't do a good job on hijacked
PCs, but I haven't seen a convincing explanation yet. It may be that they
haven't done a good job yet, because not all the dynamic addresses are on
the RBLs yet. But it only takes time.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
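
The trade-off argued in this thread, as an added illustration that is not part of either poster's message: a replay of constructed traffic against an IP blacklist whose entries either expire or are kept forever. The addresses, the 30-minute listing delay and the one-day expiry are assumptions chosen for the example.

```python
# Added example, not from the thread. All traffic below is constructed;
# addresses come from documentation ranges.
WEEK = 7 * 24 * 60                      # minutes
DYNAMIC, ISP_RELAY = "203.0.113.7", "198.51.100.25"
EVENTS = sorted(
    [(m // 2, DYNAMIC, "spam") for m in range(10)]            # 10 spam in 5 minutes
    + [(WEEK + m // 2, DYNAMIC, "spam") for m in range(10)]   # same IP, a week later
    + [(60, ISP_RELAY, "spam")]                               # one spam via the ISP relay
    + [(d * 1440 + 600, ISP_RELAY, "ham") for d in range(8)]  # daily legitimate mail
)

def replay(events, delay, ttl):
    """Replay (minute, ip, kind) events against a blacklist that lists an IP
    `delay` minutes after its first delivered spam and drops the entry `ttl`
    minutes after it took effect (ttl=None: entries are never removed)."""
    listed_at = {}  # ip -> minute at which the listing takes effect
    stats = {"spam_blocked": 0, "spam_delivered": 0,
             "ham_blocked": 0, "ham_delivered": 0}
    for minute, ip, kind in events:
        start = listed_at.get(ip)
        if start is not None and ttl is not None and minute >= start + ttl:
            del listed_at[ip]           # entry expired
            start = None
        blocked = start is not None and minute >= start
        stats[f"{kind}_{'blocked' if blocked else 'delivered'}"] += 1
        if kind == "spam" and not blocked and ip not in listed_at:
            listed_at[ip] = minute + delay   # report needs `delay` to propagate
    return stats

if __name__ == "__main__":
    print("expiring  :", replay(EVENTS, delay=30, ttl=1440))
    print("persistent:", replay(EVENTS, delay=30, ttl=None))
```

With these inputs the first burst gets through under both policies because it ends before the listing takes effect; only the persistent list stops the burst a week later, and it does so at the cost of refusing every later legitimate message from the shared relay.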