ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] mail security

2009-01-23 08:17:00
from [Ian Eiloart] [Permanent Link] 


--On 23 January 2009 08:08:41 -0500 Rich Kulawiec <rsk(_at_)gsp(_dot_)org> 
wrote:


On Fri, Jan 23, 2009 at 11:00:26AM +0000, Ian Eiloart wrote:

Well, I don't think we have the staff capacity to do that.


It's not really that difficult, if well-organized.  Having done this
in practice for a number of years, I can report that my experience has
been that nearly all such requests can be denied on inspection -- to
the point where I've scripted much of it.  For example: all requests
to whitelist the incompetently-managed and spammer-infested domain
"yahoo.com" are automatically denied.  All requests to whitelist domains
that have been placed in the local blacklist (which is done only after
considerable study) are denied, since there is never any reason to
delist any known spammer.  The ones that actually merit attention and
might result in action are almost always transient, accidental cases:
e.g., example.com is a long-time source of non-spam mail but fubar'd
their DNS while making a change, and we need to exempt them from
DNS checks while they work it out.
Yes, yes, yes. But I want to do something smarter that that, with more granularity. OK, I'm not going whitelist "yahoo.co.uk" or any of the other well known ESPs. However, I'm not going to spend staff time (there's me versus 16,000 users here) on determining whether foobar(_at_)yahoo(_dot_)com is really a friend of barfoo(_at_)sussex(_dot_)ac(_dot_)uk 



One thing that's quite revealing is how many users ask for obvious
phish domains to be whitelisted.  Were the process automated, without
human review, any number of fake eBay and Chase and Visa &etc. domains
would have long since been repeatedly whitelisted.

I'm skeptical about the merits of doing per-address whitelisting, even
though I do some of it.  On the one hand, it accomodates people who are
stuck with poorly-run systems and networks.  On the other hand, it removes
much of their motivation to agitate for a change in that situation.
I've a lot of sympathy with that. And, I currently don't do any whitelisting, and that's part of my reasoning. However, it does mean that spammers are making it harder to create working email communications systems, and that our anti-spam systems are often merely RFC compliance enforcement systems. I'd rather be fighting evil than incompetence! 


A compromise that I've used, some of the time, is to provide them with
service, but slower/degraded service, and explain to them that I'd be
delighted to extend to them the same privileges as others enjoy, but
that their operation needs to step up the responsibility that goes
along with that.  Sometimes this works, other times it fails.

---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg




--
Ian Eiloart
IT Services, University of Sussex
x3148
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] mail security, Rich Kulawiec
Next by Date:  Re: [Asrg] Meta channel, not bounces (was: Re: where the message originated), Rich Kulawiec
Previous by Thread:  Re: [Asrg] mail security, Rich Kulawiec
Next by Thread:  Re: [Asrg] mail security, Alessandro Vesely
Indexes:  [Date] [Thread] [Top] [All Lists]