On Wed, Oct 06, 2004 at 03:09:55PM -0600, Jon Bertrand wrote:
|
| One of the measures is to block direct-MX connections from dsl, cable
| and dial-up networks. In your case, the reverse DNS entry for your
| server's IP address is "h-66-166-42-108.dnvtco56.covad.net". We block
| all connections from ".covad.net". This does not effect the normal
| Covad mail servers.
|
| So, is this a common thing? Is this idea gaining ground?
|
Yes, this is a common thing. In an age when most
direct-to-MX spam comes from broadband zombies, any PTR
hostname that contains its IP address is automatically
suspect. Being a subdomain of a known broadband provider is
confirmation.
| My initial reaction was
| 1) SPF + Reputation Based System beats "just shut off all DSL."
Yes, your scenario is one of the motivations behind SPF and
similar efforts. We want to get away from heuristic and IP
blocking, and move toward a more certain world which gives
more control to both receivers and legitimate senders.
| 2) Relay - no way, it just complicates things
Does your ISP offer a business class service level? At the
regular consumer class service level, custom DNS delegation
isn't usually part of the package.
| 3) Change the DNS - wow, is this a common thing to do?
Yes, change the DNS if you can. Most business DNS
configurations avoid looking like a broadband machine for
this reason.
|
| In a world with spf1 what's a good reponse to this?
|
http://spf.pobox.com/slides/unified%20spf/0429.html
| Got SPF - anybody got a good reputation based system?
|
I have a prototype implementation of what I'm calling the
Karma project at
http://dumbo.pobox.com/~mengwong/karma/?domain=cirris.com;password=995yhw4hw456
I am waiting on Mark Langston to give me a query interface
to Gossip.
http://www.sufficiently-advanced.net/
See also some first contact scenarios at the bottom of
http://spf.pobox.com/aspen/agupimail.png
LOAF is at http://loaf.cantbedone.org/
My explanation of LOAF is at
http://dumbo.pobox.com/~mengwong/tmp/loaf-diagrams/mouseovered.html
