on Sun, Apr 18, 2004 at 04:33:18PM +0000, Paul Vixie wrote:
Maybe a stupid question... But if broadband providers aren't going to do this, and considering there are way less legitimate SMTP senders than broadband users, wouldn't it make more sense to whitelist known real SMTP sources rather than blacklist all addresses that potentially have a fake one?
that's not a stupid question, and you're right that statistically it's better engineering to make a small list of good things than large lists of bad ones. IETF MARID, my own MAIL-FROM, somebody's SPF, yahoo's "domainkeys", and lots of other people are working on what amounts to "a whitelisting solution", and in a few more years you might actually see some results along those lines.
We've had to do that here, simply to keep our own local antispam efforts from inadvertently blacklisting "legit" mail servers. So far, with relatively meager traffic over a year, I have a list of ~1300 legit mail servers I want to block but can't, due to their assumed legit-to-spam mail ratios, and another list of ~13,000 from whom I no longer accept null sender mail because they accept-then-bounce to forged senders. I haven't tried to assemble a list of all legit mail servers, though, as I've yet to see a definition of "legit" I can sit comfortably with. Some days, the line is drawn here, and others, it's drawn there. So, instead, I just keep track of those I'd like to block but can't, for whatever reason; those I block selectively; I whitelist a few more, and suffer. Steve -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com Buy "Cascading Style Sheets: Separating Content from Presentation, 2/e" today! http://www.amazon.com/exec/obidos/ASIN/159059231X/heskecominc-20/ref=nosim/