On Jan 12, 2010, at 2:34 PM, Patrick W. Gilmore wrote:
On Jan 12, 2010, at 2:11 PM, Michael Thomas wrote:
3) Should people really argue over what other people do with their own machines? You don't like SORBS, don't use it. Someone you need to talk to likes SORBS, make them stop, or conform. Might as well argue over a website using HTTPS when you don't like encryption.
I don't think the discussion is about SORBS, I think it's about this standards draft that SORBS points to. Here, I'll lay out what I'm saying simply (and retitle the thread so the SORBS issue will go away):

1. Your mailserver receives a connection from a previously-unknown relay. Although this discussion is meta to mail, it's the most prime example.

2. Very quickly, your mailserver must make a spot decision on whether the connecting IP address is a residential modem or a racked server. This information might be important in an administrator's decision, via his rules, to accept or reject any message that relay offers. (To reiterate: the problem is determination of sender, not an attempt to determine if the incoming mail is legitimate. This is beyond that.)

3. Currently, the solution is to consult the PTR, which this draft -- which coincidentally is written by the administrator of SORBS -- recommends.

4. For other reasons laid out in this thread, PTR is not the best choice. Additionally, administrators of mailservers who have no idea what a PTR is -- although their entry fee to the Internet mail system is debatable it will not be discussed here -- are now punished by blocklists like SORBS and Trend Micro with the simple crime of not knowing to PTR their mail server with something that screams "static allocation, not CPE". I note, with a heavy hand, that there are no widely-disseminated standards governing the reverse DNS of an Internet host other than this draft, but administrators make decisions on it anyway.

5. What else does your mailserver use? What could it use? Are there any desirable candidates for a standards-track behavior for determining the "class" of an IP (i.e., iPhone, home CPE, colo'd server, grid node, and so on). Should there be?

My original goal here was educational -- I'd like to hear if anybody has given this question serious pause aside from putting silly restrictions on what can go in a PTR, and basing a heavy decision on said PTR.
Are there any applications for such a test, outside of mail?

I've apparently hit a nerve, and I'm sorry for that.

JS
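
Added example (not part of the original message, and not the draft's or any blocklist's actual rules): a sketch of the PTR-only host classification described in points 2 to 4 of the message above. The token lists, function names and sample hosts are assumptions constructed for illustration, using documentation address ranges; the output shows a racked mail server left on its provider's default PTR, or with no PTR at all, landing in the same bucket as a residential line.

```python
import re

# Illustrative token lists (assumptions; not from the draft or any blocklist).
DYNAMIC_TOKENS = {"dyn", "dhcp", "dsl", "cable", "pool", "ppp", "dialup", "cpe"}
STATIC_TOKENS = {"static", "mail", "smtp", "mx", "colo"}

def embeds_address(ip, ptr):
    """True if the PTR name contains the IPv4 octets, forward or reversed,
    joined by '.' or '-', or zero-padded and run together."""
    octets = ip.split(".")
    name = ptr.lower()
    for order in (octets, octets[::-1]):
        if any(sep.join(order) in name for sep in (".", "-")):
            return True
        if "".join(o.zfill(3) for o in order) in name:
            return True
    return False

def classify_ptr(ip, ptr):
    """Guess a host 'class' from its PTR alone, as a PTR-based rule would."""
    if not ptr:
        return "no-ptr"
    labels = re.split(r"[.\-_]", ptr.lower().rstrip("."))
    words = {re.sub(r"\d+", "", label) for label in labels}  # "mx1" -> "mx"
    if words & STATIC_TOKENS:
        return "static-looking"
    if words & DYNAMIC_TOKENS or embeds_address(ip, ptr):
        return "dynamic-looking"
    return "unknown"

# Constructed samples: (ip, ptr, what the host really is).
SAMPLES = [
    ("192.0.2.10", "mail.example.org", "racked mail server, custom PTR"),
    ("198.51.100.77", "198-51-100-77.dsl.example.net", "home CPE"),
    ("203.0.113.25", "203-0-113-25.example.net", "racked mail server, provider-default PTR"),
    ("203.0.113.26", None, "racked mail server, no PTR set"),
]

def verdicts(samples=SAMPLES):
    return [(ip, truth, classify_ptr(ip, ptr)) for ip, ptr, truth in samples]

if __name__ == "__main__":
    for ip, truth, guess in verdicts():
        print(f"{ip:15} {guess:16} actual: {truth}")
```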