ietf-asrg
[Top] [All Lists]

Re: [Asrg] How about we do something about spam?

2007-01-30 11:51:13
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Feenberg wrote:
On Tue, 30 Jan 2007, Chris Lewis wrote:

[Aside: the PBL (Spamhaus's "policy blacklist", which is essentially the
same as "pool addresses" was pre-primed with NJABL dynablock and has
been growing since.  That is _not_ "mildly effective". See
http://www.sdsc.edu/~jeff/spam/cbc.html]


The addition of the PBL to the sbl-xbl mildly increased the
effectiveness of blocking. I agree that the total amount blocked is
substantial, but the PBL does not yet contribute much.

Even incrementally.  Check out Makey's stats.  Going from 80K -> 100K
ain't small potatoes, when you consider that even _before_ that,
Spamhaus typically been 70-85%.

Many ISPs aren't good at naming of pools and properly renaming them when
the machine becomes "non-generic", or placing non-pool in the middle of
pools.  So there is always a significant problem with non-poolish
machines having poolish names.  There's a substantial number of
providers who don't understand that naming their servers (mail or
otherwise) something other than 1.2.4.5.example.com is bad.


Of course the nicest naming scheme is 1.2.3.4.pool.example.com, and the
worst is pool-1-2-3-4.example.com, simply because of the way dns
wildcards work. *.pool.example.com is only one line. pool*.example.com
is supported by bind (or anything else that I know of).

When it boils down to it that that sort of difficulty makes little
difference to the concept.  Even if you had almost "perfect" pool
coverage, there's still a _very_ high volume of junk from non-pool areas.

The problem isn't just pool addresses, much as it isn't just other
subsets.

I don't understand - why is that an argument against solving part of the
problem?

It isn't, only that it's perhaps not as major a contributor to the
solution as it may appear to you.

Even if it were "the solution", the PBL with something like 5-6 years of
accumulated "pool addresses" behind it (from many many sources) should
demonstrate that it's no easy task.  Pool listings are _frightfully_
expensive in man-hours to maintain.

More expensive than fixed sources of spam? The PBL is handicapped by its
rule not to list any address without the permission of the ISP. When
they drop that rule and it will be quite effective.

Ah, no.  You're missing some important detail about the PBL.  Go reread
the PBL web pages, and understand the difference between the 127.0.0.10
and 127.0.0.11 returns.

One has to remember that MAPS killed open relays quite quickly -
behavior modification works. The operators of MTAs behind generic
addresses are almost all insignificant and can easily adopt a smarthost
once they realize they need one. I understand it is hard to make major
ISPs kowtow to RFCs. This isn't in that league of difficulty at all.

I have a lot of experience behind trying to deal with people on "pools".
 It's not as simple as you think.  Not the least being the vast number
of poorly enumerated pools.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBRb+S2p3FmCyJjHfhAQL1/AQArrIbfoy/r+zl/4+QeEeC3LcfmWebBHR9
khwVH8CEJh94lr3Dr0KViwF4HyVO/dp107b3DEZQmMYcIYM7woOALnq/ladTx7D/
zvGi524PZqiE8a4mAqzcAkWuTk/sInGAbrZbxu/q/PLspyd9ZdJochJga8Tr7kRY
Ax/fQaJrSRg=
=ZMQX
-----END PGP SIGNATURE-----

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>