[Top] [All Lists]

Re: [ietf-smtp] EHLO domain validation requirement in RFC 5321

2020-09-27 11:33:06
"John R Levine" <johnl(_at_)taugh(_dot_)com> writes:

Anything that comes from a dynamic or NAT pool is invariably spam from
a botnet.

No, because nobody is looking that closely.

Sorry, but you're just wrong.  We absolutely look that closely.  I know
people who maintain pools of patterns to recognize dynamic pool rDNS
which lots of people use in their spam scoring.

It's effectively impossible to get reliable mail delivery from a dynamic
pool these days because of how frequently it is used for spam (so
providers start blocking outbound 25) and as a spam signature (because
it's so frequently used for spam).  Therefore people (like me) who would
happily be sending mail directly from dynamic ranges instead configure our
systems to route through a cloud server with a static IP address, and
therefore show up in your statistics as reinforcing that all mail comes
from static IPs.

In other words, I think you're both right.  Keith is clearly correct that
we accepted a whole lot of false positives and discarded a lot of valid
mail when we started down the path of blocking all mail from dynamic
ranges, but that was the tradeoff decision that most of the mail
recipients made at the time (for defensible reasons).  It's now become a
self-sustaining situation: it's so widely known that dynamic ranges are
just spam that deliverability is awful, and therefore legitimate senders
are effectively forced to go extra expense to avoid using dynamic ranges,
and therefore nearly all mail still sent from dynamic ranges is spam.

I think one can argue about whether or not it was a bad tradeoff, but at
this point I think it's water under the bridge and I find it hard to
imagine how we would reverse those decisions.  They weren't standards
decisions; they were decisions made by an ad hoc consensus of mail

Russ Allbery (eagle(_at_)eyrie(_dot_)org)             

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>