spf-discuss

RE: Dynamic IP & MTAMARK=No - why accept them?

2004-07-07 07:43:28
From: william(at)elan.net
Sent: Wednesday, July 07, 2004 1:04 AM




<...>

As for your concerns, while spammers who want to continue using zombies
may try to override PTR records, to do so will require them to have their
own domain and set its dns with specific SPF record that specific zombie ip.
Having to do something like that makes it possible to tell which spammer
"owns" which zombies and will allow to significantly help law enforcement
in tracking spammers and prosecution.

I do want to point out that when overriding PTR SPF -all, the domain
should not be whitelisting entire net (+all or 0.0.0.0/0) or large size ip
blocks (like all comcast cable blocks), for this reason I think we should
have additional rules that overriding ptr requires whitelisting of that
specific ip on its own and not by means of ip block statement or by using
complex redirect statement. Or maybe this is something to think about for
the future if we really see serious abuse.

I don't think we need to wait for serious abuse, as this is a spammer's
dream scenario.  They just have to designate a few /16 dialup pools and they
have all the zombies they could ever want.  This is why, IMHO, the override
is unworkable.  If Earthlink says, "none of these machines can directly send
mail", that should be the end of the story.  No outside domain owner has any
right to say how those lines can be used.  They are not the domain owner's
property.


<...>

Dynamic IP blacklists are already incredibly useful.  More and more
responsible ISPs are using them.
ISPs use them and at the same time hate them because of how many complaints
regarding legitimate emails not getting through they receive. They want
something better that will let ISPs identify each other's dialup pools.
Don't agree with me? Ask your ISP tech support personnel!

It doesn't really matter if the tech support people at my ISP dislike
dynamic IP blacklists.  I like them, as do their other customers, and we pay
their bills.  I like blacklists because any rejection causes a DSN, which at
least allows my business contact to know their email wasn't delivered.  They
can then contact me in some other way and we can continue the business
transaction.  If we have a permissive acceptance policy, like we used to
have, there is a large pile of messages in a spam folder every day.  It is
very easy to miss a legitimate message in that folder.  When that inevitably
happens, the customer assumes I ignored his message.  This is the worst
possible outcome.  That is why I disagree with your previous statement that
ten spams getting through is better than a single false rejection.  I also
run a business and I would _much_ rather have an occasional rejection with a
DSN than an occasional false positive lost in the spam folder.

The single largest cause of my customers' mail being rejected is lack of
rDNS, not a dynamic IP address.  Most legitimate businesses don't try to run
MTAs off a dynamic IP line.  If they are that strapped for cash, they
probably are not serious business prospects, anyway.  You also don't need
business cards, letterhead, printed checks or credit references, but at some
point, people will not take you seriously.  Inability to get your email
reliably delivered is just another of those indicators.

--

Seth Goodman
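
The restriction proposed in the quoted message (an override counts only when the sending IP is whitelisted on its own, not through `+all`, an IP block or a redirect) can be written as a receiver-side check. This is an added example, not part of the original thread or of any SPF implementation; the function name `ptr_override_allowed` is hypothetical, the addresses are constructed from documentation ranges, and it takes the strictest reading of the rule, refusing any record in which a mechanism other than `ip4`/`ip6` is evaluated before the match.

```python
import ipaddress

def ptr_override_allowed(spf_record: str, client_ip: str) -> bool:
    """Hypothetical check: honour a domain's override of a 'no mail from here'
    PTR-level policy only if its SPF record passes client_ip through a
    single-host ip4/ip6 mechanism."""
    ip = ipaddress.ip_address(client_ip)
    terms = spf_record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return False
    # SPF is evaluated left to right and the first matching mechanism wins.
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        # all, include, a, mx, ptr, exists and redirect= are indirect or
        # blanket authorisations; under this rule they never justify an override.
        if name not in ("ip4", "ip6") or not arg:
            return False
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return False                     # malformed address or prefix
        if ip not in net:
            continue                         # try the next mechanism
        # Matched: accept only an explicit pass for exactly one address.
        return qualifier == "+" and net.prefixlen == net.max_prefixlen
    return False

if __name__ == "__main__":
    # Constructed sample records, documentation address ranges only.
    samples = [
        "v=spf1 ip4:192.0.2.55 -all",        # single host listed on its own
        "v=spf1 +all",                       # whole Internet
        "v=spf1 ip4:0.0.0.0/0 -all",         # whole IPv4 space
        "v=spf1 ip4:192.0.0.0/16 -all",      # large block covering the host
        "v=spf1 redirect=_spf.example.net",  # redirect statement
    ]
    for record in samples:
        print(ptr_override_allowed(record, "192.0.2.55"), record)
```
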