ietf-asrg

Re: [Asrg] How about we do something about spam?

2007-01-30 09:02:46

Daniel Feenberg wrote:

Isn't the solution to decline ALL mail from obvious pool addresses? I
hear the argument that you can't put pool addresses in a DNSBL because
next week the bot will have a different address. So put the whole pool
in the DNSBL. Again, I hear the argument that a legitimate MTA may get
the address next.  In our tests last year we didn't find any legitimate
correspondents (to us) behind pool addresses. I hesitate to say so, but
isn't much of the noise from critics of blocking pool addresses from
self-styled political revolutionaries and paedophiles who (mistakenly)
think that the FBI won't read mail if it doesn't travel through the ISP
MTA? As for the operators who claim that their ISP MTA is slow, can't
those handful of malcontents just get another smarthost? (see
http://www.nber.org/sys-admin/smarthost.html ) I'd be willing to do
without their messages in the meantime.

Looking at my after-Spamhaus connecting MTAs, virtually all are pool
addresses, or no reverse name lookup. Do other MTAs get legitimate mail
from pool addresses? Spamhaus has just last week started to offer a
listing of dynamic addresses, but it is only mildly effective so far.
But so far no FPs, either.

[Aside: the PBL (Spamhaus's "policy blacklist", which is essentially the
same as "pool addresses") was pre-primed with NJABL dynablock and has
been growing since.  That is _not_ "mildly effective". See
http://www.sdsc.edu/~jeff/spam/cbc.html]

In the large scale the difficulty is identifying what's a "pool".  One
effort to determine that in terms of rDNS names is called "Enemies List"
(aka "EL") - which is some 15,000 regexes.  That's 3 years of
accumulated knowledge by the guy who runs it.

Many ISPs aren't good at naming of pools and properly renaming them when
the machine becomes "non-generic", or placing non-pool in the middle of
pools.  So there is always a significant problem with non-poolish
machines having poolish names.  There's a substantial number of
providers who don't understand that naming their servers (mail or
otherwise) something other than 1.2.4.5.example.com is bad.

An effort to RFCize (probably BCP) naming conventions has been going on
for quite some time by one "lone crusader", but unfortunately, _even_ on
the anti-spam side where they'd really love to see it, it's long been
dismissed as foolishly naive and will never happen.

EL and PBL/dynablock _work_ rather well.  But, don't kid yourself, there
are FPs with it.  It isn't a solution per se, perhaps best demonstrated
that despite how good they are, the XBL still does better.

The problem isn't just pool addresses, much as it isn't just other subsets.

Even if it were "the solution", the PBL with something like 5-6 years of
accumulated "pool addresses" behind it (from many many sources) should
demonstrate that it's no easy task.  Pool listings are _frightfully_
expensive in man-hours to maintain.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
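
The rDNS-based pool identification discussed in the message above, as an added example that is not part of the original post and uses no Enemies List or PBL data: a small heuristic that marks a connecting host as generic when its reverse name embeds its own IP address or a pool keyword. The keyword list, addresses and hostnames are constructed assumptions; the last sample is a server with a poolish name, which the heuristic flags regardless.

```python
import ipaddress
import re
from collections import Counter

# Assumed keyword tokens for illustration; not Enemies List or PBL patterns.
POOL_HINTS = re.compile(
    r"(?:^|[.-])(?:dyn|dynamic|dhcp|pool|ppp|dsl|adsl|cable|dialup)\d*(?:[.-]|$)",
    re.IGNORECASE,
)

def embeds_ip(rdns, ip):
    """True if the IPv4 octets appear in the name: decimal labels in forward
    or reversed order (dot or dash separated), or as eight hex digits."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    name = rdns.lower()
    for seq in (octets, octets[::-1]):
        body = "[.-]".join("0{0,2}" + o for o in seq)
        if re.search(r"(?<!\d)" + body + r"(?!\d)", name):
            return True
    return "".join(f"{int(o):02x}" for o in octets) in name

def classify(ip, rdns):
    """Return 'no-rdns', 'generic' (pool-like name) or 'named'."""
    if not rdns:
        return "no-rdns"
    if embeds_ip(rdns, ip) or POOL_HINTS.search(rdns):
        return "generic"
    return "named"

# Constructed connections (documentation address ranges and example domains).
SAMPLES = [
    ("192.0.2.45", "45-2-0-192.dsl.example.net"),
    ("203.0.113.200", "host-cb0071c8.example.net"),
    ("192.0.2.10", "dhcp-pool3.example.net"),
    ("203.0.113.9", None),
    ("198.51.100.7", "mail.example.org"),
    ("198.51.100.8", "mx.liverpool.example.org"),
    # A real mail server left with a poolish name: flagged anyway (false positive).
    ("198.51.100.25", "198.51.100.25.example.com"),
]

def tally(samples):
    return Counter(classify(ip, name) for ip, name in samples)

if __name__ == "__main__":
    for ip, name in SAMPLES:
        print(f"{ip:15} {name or '-':32} {classify(ip, name)}")
    print(dict(tally(SAMPLES)))
```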