ietf-mxcomp

RE: Wide-Open MADRID

2004-06-01 11:36:14

Maybe, given a few days' work, they could get all those down to a /24.
Maybe even a whitelist for those precious few domains for which a /24 is
not sufficient. (Which would work well with the 'Best Practices' policy.)

I recognize that we are trying to protect our 'own' reputations here,
but if birds of a feather don't flock together, those that don't rein
in their systems when publishing SPFs will cause us all grief.
I would be interested in Microsoft's comment on the 'Best Practices'
suggestion. (Which, if that is all I can get, is what I will take.)

I am not really concerned about those that will do it right, because that
is not really the issue.
The problem is that using wide-open Madrid, one spammer can reference
another. This makes domain blocking hopeless and puts me back in the
business of blocking single IPs or doing the extra work to try to
figure out their netblock manually, because I cannot explicitly
'distrust' anyone.


Ok. I am well over my 3 posts per day limit. Thank you all for putting
real thought into this.
Hopefully we can come up with a good compromise. I like the 'Best
Practices' verbiage and hopefully we can incorporate those into the
wizards.

Regards, 
Damon Sauer 



-----Original Message-----
From: Bob Atkinson [mailto:bobatk(_at_)exchange(_dot_)microsoft(_dot_)com]
Sent: Tuesday, June 01, 2004 1:43 PM
To: Sauer, Damon; ietf-mxcomp(_at_)imc(_dot_)org
Subject: RE: Wide-Open MADRID


There are domains out there (admittedly few, but they exist) for which
/24 is quite insufficient in scope.

Consider, for example

        http://www.lessspam.org/CallerIDPolicyWizard?domain=hotmail.com 

and look at the computed summary of the addresses of Hotmail's outbound
server. Yes, there really are thousands of them (all the servers hosting
web mail worldwide can send mail directly), and this is as best as we've
been able so far to pin them down.

(BTW: This is a beta of a policy editor we've been writing; we'll be
updating it to the new syntax as soon as possible and eventually rolling
it out to our main site. If you happen to find a bug, or just want to
comment, we'd appreciate hearing your thoughts if you have the time.)

To me, MARID et al. have always been about protecting your OWN reputation,
preventing the forgery of mail.

If a given domain doesn't wish to protect itself, and so either doesn't
bother to publish records or publishes very weak ones, then it's only
that domain that doesn't get better than status quo protection. Why
should other domains care?

This isn't a silver bullet. There's nothing we can do to prevent
spammers from setting up their own domains (or hundreds or thousands of
them) and being fully MARID compliant within those, WHATEVER rules we
come up with. So artificially limiting the scope / size / whatever that
a domain can send from causes hurt for zero gain.

        Bob



-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Sauer, Damon
Sent: Friday, May 28, 2004 10:33 AM
To: ietf-mxcomp(_at_)imc(_dot_)org
Subject: Wide-Open MADRID
Importance: High



Let's say that Joe Jobs has an SPF record of: "v=spf1 mx ptr
ip4:69.0.0.0/7 -all"

This is a valid record, and since he is coming from 69.87.x.x it is
acceptable. But now I find out he is a spammer. I can't block
69.0.0.0/7, so now I am stuck denying specific IPs again.

Has this been discussed already and maybe I missed it? (Completely
possible.)

If not, maybe we can call any CIDR under /24 invalid?
Or find some way to validate the SPF netblock they list?

I notice AOL is a /24, but many spammers on the list I created for
"Measuring MADRID" are a /19.

Regards,
Damon Sauer
postmaster(_at_)BellSouth(_dot_)com

BellSouth. Listening. Answering(SM).
BellSouth Long Distance... Same Company, Longer Distance.
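The check proposed in the post above (treat any ip4 CIDR wider than /24 as invalid) combined with the whitelist for the few very large senders mentioned at the top of the thread, written out as an added example; this is not code from any of the posters or from any SPF implementation. The domain names, the /24 threshold, the allowlist contents and the sample records are constructed for illustration, and only ip4: mechanisms are examined (mx, ptr, a and include are not resolved):

```python
"""Flag SPF ip4 mechanisms wider than a policy threshold, with a per-domain
allowlist for senders that legitimately need larger blocks.

Added example, not code from the ietf-mxcomp thread or any SPF library.
All names, thresholds and records below are constructed for illustration.
"""
import ipaddress
import re

# Hypothetical policy: ip4 blocks must be /24 or narrower (prefix length >= 24).
MAX_PREFIX_WIDTH = 24

# Hypothetical allowlist: domains permitted to publish wider blocks
# (the 'precious few' that a /24 cannot cover).
WIDE_BLOCK_ALLOWLIST = {"bigwebmail.example"}

# An ip4 term with optional qualifier and optional prefix length, e.g. "-ip4:69.0.0.0/7".
IP4_RE = re.compile(r"^[+\-~?]?ip4:(?P<net>[0-9.]+)(?:/(?P<len>\d{1,2}))?$")


def ip4_networks(record):
    """Yield an IPv4Network for each ip4: mechanism in an spf1 record.

    strict=False lets us accept records whose network part has host bits set,
    as 69.0.0.0/7 does; ipaddress normalizes it to the block it really denotes.
    """
    if not record.startswith("v=spf1"):
        raise ValueError("not an spf1 record")
    for term in record.split()[1:]:
        m = IP4_RE.match(term)
        if m:
            plen = int(m.group("len") or 32)
            yield ipaddress.ip_network(f"{m.group('net')}/{plen}", strict=False)


def too_wide(domain, record, max_width=MAX_PREFIX_WIDTH, allowlist=WIDE_BLOCK_ALLOWLIST):
    """Return the ip4 networks wider than /max_width, unless the domain is allowlisted."""
    if domain in allowlist:
        return []
    return [net for net in ip4_networks(record) if net.prefixlen < max_width]


def record_covers(record, ip):
    """True if some ip4 block in the record contains ip (other mechanisms ignored)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ip4_networks(record))


# Constructed records: the 'Joe Jobs' one from the post, a tight one, and a /19.
JOE_JOBS = "v=spf1 mx ptr ip4:69.0.0.0/7 -all"
TIGHT = "v=spf1 ip4:192.0.2.0/24 -all"
MEDIUM = "v=spf1 ip4:198.51.100.0/19 -all"

if __name__ == "__main__":
    for domain, rec in [("joejobs.example", JOE_JOBS),
                        ("tight.example", TIGHT),
                        ("mid.example", MEDIUM),
                        ("bigwebmail.example", JOE_JOBS)]:
        wide = too_wide(domain, rec)
        status = "ok" if not wide else "too wide: " + ", ".join(
            f"{n} ({n.num_addresses} addresses)" for n in wide)
        print(f"{domain}: {status}")
```

Note that ipaddress normalizes 69.0.0.0/7 to 68.0.0.0/7, so the record actually authorizes 2^25 (about 33 million) addresses, which is the concrete reason the post's author cannot simply block the netblock; the /19 in the third record is also flagged, while the allowlisted domain passes with the same wide record.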



-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Eric A. Hall
Sent: Friday, May 28, 2004 1:17 PM
To: Hallam-Baker, Phillip
Cc: Bob Atkinson; Gordon Fecyk; ietf-mxcomp(_at_)imc(_dot_)org
Subject: Re: Wild card MXes




On 5/28/2004 10:17 AM, Hallam-Baker, Phillip wrote:

> The type of solution being proposed would not be acceptable [...]

Thus it came to pass that Microsoft's multi-billion dollar "commitment"
to mail technologies was brought to a halt by the overwhelming and
incomprehensible demands of a UI widget that could display an RR to the
system administrator.

--
Eric A. Hall
http://www.ehsco.com/
Internet Core Protocols
http://www.oreilly.com/catalog/coreprot/


*****
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other
use of, or taking of any action in reliance upon, this information by
persons or entities other than the intended recipient is prohibited. If
you received this in error, please contact the sender and delete the
material from all computers.



