On 05/05/04 07:16 -0700, Hallam-Baker, Phillip wrote:
Because you probably won't continue to block their messages, once they
(for example) start spewing through the zombie armies.
It is completely illogical to block mail from a provider because
they have a zombie on their net. There is not a single ISP in this
country who could guarantee that they did not have any.
Practically no one does that. Responsive ISPs are whitelisted, or at
least not blackholed.
The way to deal with zombies is to have a better response protocol
to put ISPs on notice that they have a problem with a particular
address. Most ISPs do not want to be hosting zombies on their net
abuse(_at_)example(_dot_)com is designated for that purpose.
and they will kill them the moment they find out about them. That
is if the comunication reaches the right part of the company.
A lot of ISPs do not kill infected PCs. That is the part of the
fundamental problem with zombies.
Blacklisting zombies is certainly legit. But blacklisting every other
user of that ISP is not.
With dynamic IPs, I don't know what IP the zombie has next time. So I
just hit the /24. It seems to work quite well. (And I whitelist my
frequent senders so that there are no DNSBL lookups done for those
hosts).
Would you rather that the smarthosts provided by the ISPs be
blacklisted?
Devdas Bhagat
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg