Oh, the irony of this thread being initiated by someone with an @covad.com address. ;) I don't have an answer for the originator, but this reminded me of something about DNSBLs that I've been meaning to ask. Does anyone know of a black hole list of dynamic cable and DSL clients? What I really want is one that mimics AOLs block list of dynamic IPs. I HUGE portion of the spam we were (and still are) receiving came out of attbi.com, swbell.com, pacbell.com, covad.com, etc. DSL and cable customers, and almost no legitimate mail. Manangement resisted blocking those IPs until AOL lead the way. "If they can't send to AOL either, they can't complain that we're being unreasonable. They'll have to break down and fix their mail servers." However, trying to figure out which blocks of IPs these ISPs use for dynamic connections (which we want to block) versus static allocations (which we may not wish to) is non-trival. The few "dynamic" DNSBLs I've found haven't provided enough documentation about what they actually are trying to include. Plus, when I tested them, they didn't seem to block some of the most obvious culprits. (Before anyone starts arguing the merits of blocking dynamic addresses, you might as well try to tell me why you need to run an open relay and I shouldn't block it. I have a dynamic address at home, and I am blocked by my own filters at work. I figured out long ago that my home MTA needs to route outgoing email via my ISP's outgoing SMTP servers, and it has never caused me any problems.) -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org
On Fri, May 30, 2003 at 10:59:50AM -0700, Crist J. Clark wrote:
I don't have an answer for the originator, but this reminded me of something about DNSBLs that I've been meaning to ask. Does anyone know of a black hole list of dynamic cable and DSL clients? What I really want is one that mimics AOLs block list of dynamic IPs.
Wirehub^WEasynet NL's Dynablocker might fit your bill, at least they have documented what they include. http://abuse.easynet.nl/dynablocker.html
Andy Smith wrote:
On Fri, May 30, 2003 at 10:59:50AM -0700, Crist J. Clark wrote:
I don't have an answer for the originator, but this reminded me of something about DNSBLs that I've been meaning to ask. Does anyone know of a black hole list of dynamic cable and DSL clients? What I really want is one that mimics AOLs block list of dynamic IPs.
Wirehub^WEasynet NL's Dynablocker might fit your bill, at least they have documented what they include. http://abuse.easynet.nl/dynablocker.html
Wirehub tries to only do dialups. PDL will cover all forms of dynamics. Also see @dynamic in spfilter (openrbl.org). -Jack
On Fri, 30 May 2003, Crist J. Clark wrote:
Oh, the irony of this thread being initiated by someone with an @covad.com address. ;)
I don't have an answer for the originator, but this reminded me of something about DNSBLs that I've been meaning to ask. Does anyone know of a black hole list of dynamic cable and DSL clients? What I really want is one that mimics AOLs block list of dynamic IPs.
Pretty much all the dialup lists contain dynamically assigned DSL/cable IPs as well. I don't have a problem with rejecting a 56k modem user with one of those lists. Even I'm leary about rejecting mail from DSL/cable customers in the same manner. Yes they shoud SmartHost to their provider. There are lots of times when that isn't feasible. The most blatent example is those worthless ISPs that mandate that all mail passing through their MTA claim to be From and have a Reply-To of the ISP's domain. Nothing like free advertising for the ISP, eh? If I had an ISP like that and I was unable to switch to one that wasn't an absolute joke, I'd send direct-to-MX as well, or at least bounce it off of one of my own MTAs. AOl be damned. Don't like AOL dictate what you do on your own networks. I wouldn't block dynamically assigned broadband IPs. However I wouldn't hesitate a bit about scoring mail off of them. Adding 1 or 1.5 to the score seems most justified in my opinion. Justin
On Fri, 30 May 2003 listuser@numbnuts.net wrote:
Pretty much all the dialup lists contain dynamically assigned DSL/cable IPs as well.
I don't have a problem with rejecting a 56k modem user with one of those lists. Even I'm leary about rejecting mail from DSL/cable customers in the same manner. Yes they shoud SmartHost to their provider. There are lots of times when that isn't feasible.
Dialup is a good throw-away, as is cable. DSL gets a bit more interesting, as you have "upscale" ADSL services, like Speakeasy, that give out static IPs and they tend to attract people who wish to run servers at home. Now a list that canned dialup, cable, and most dynamic IP DSL, that would be just peachy. But from where I sit, I'm still seeing lots of junk from other sources, usually overseas, and lately a good deal of domestic from co-lo providers that don't enforce their AUPs. Charles
Justin
Hello Charles & All , Love all of you that want to filter , Please do I would bo one of those that you'd filter . I've been running my little home netowrk for ~8 years using dialup , isdn , adsl , cable . Never could get any employer to fork over better than that . It brings to mind something Randy said ,(something like) I highly recommend that my compititon ... That way people (ie: customers who know better) will find a non/inteligent-filering provider . Please THINK before doing . Hth , JimL On Fri, 30 May 2003, Charles Sprickman wrote:
On Fri, 30 May 2003 listuser@numbnuts.net wrote:
Pretty much all the dialup lists contain dynamically assigned DSL/cable IPs as well. I don't have a problem with rejecting a 56k modem user with one of those lists. Even I'm leary about rejecting mail from DSL/cable customers in the same manner. Yes they shoud SmartHost to their provider. There are lots of times when that isn't feasible.
Dialup is a good throw-away, as is cable. DSL gets a bit more interesting, as you have "upscale" ADSL services, like Speakeasy, that give out static IPs and they tend to attract people who wish to run servers at home. Now a list that canned dialup, cable, and most dynamic IP DSL, that would be just peachy. But from where I sit, I'm still seeing lots of junk from other sources, usually overseas, and lately a good deal of domestic from co-lo providers that don't enforce their AUPs.
-- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network Engineer | P.O. Box 854 | Give me Linux | | babydr@baby-dragons.com | Coudersport PA 16915 | only on AXP | +------------------------------------------------------------------+
Mr. James W. Laferriere wrote:
Hello Charles & All , Love all of you that want to filter , Please do I would bo one of those that you'd filter . I've been running my little home netowrk for ~8 years using dialup , isdn , adsl , cable . Never could get any employer to fork over better than that . It brings to mind something Randy said ,(something like) I highly recommend that my compititon ... That way people (ie: customers who know better) will find a non/inteligent-filering provider . Please THINK before doing . Hth , JimL
You seem to think that customers give ISPs a choice. The fact is, customers scream about the 50-90% spam that hits their mailbox and want it gone at any cost. Whitelisting is easy, and done when requested. Customers are happy. The stance now stands, if you can't afford a static IP address to properly run a mail server, then use a smart host. If a server isn't static, then the IP address can't be trusted or the next guy at that IP address will be a spammer. Most places will whitelist based on email address or vanity domain if asked. -Jack
Hello Jack , On Fri, 30 May 2003, Jack Bates wrote:
Mr. James W. Laferriere wrote:
Hello Charles & All , Love all of you that want to filter , Please do I would bo one of those that you'd filter . I've been running my little home netowrk for ~8 years using dialup , isdn , adsl , cable . Never could get any employer to fork over better than that . It brings to mind something Randy said ,(something like) I highly recommend that my compititon ... That way people (ie: customers who know better) will find a non/inteligent-filering provider . Please THINK before doing . Hth , JimL You seem to think that customers give ISPs a choice. The fact is, customers scream about the 50-90% spam that hits their mailbox and want it gone at any cost. Whitelisting is easy, and done when requested. Customers are happy. White listing is NOT what was being discussed . Tho is can be adventagous in the right circumstances .
The stance now stands, if you can't afford a static IP address to properly run a mail server, then use a smart host. If a server isn't static, then the IP address can't be trusted or the next guy at that IP address will be a spammer. Most places will whitelist based on email address or vanity domain if asked. And neither was Static addressing . Filtering was being discussed based on some unknown (to me probably others as well) methodology . Twyl , JimL -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network Engineer | P.O. Box 854 | Give me Linux | | babydr@baby-dragons.com | Coudersport PA 16915 | only on AXP | +------------------------------------------------------------------+
Mr. James W. Laferriere wrote: <snip>
White listing is NOT what was being discussed . Tho is can be adventagous in the right circumstances .
<snip>
And neither was Static addressing . Filtering was being discussed based on some unknown (to me probably others as well) methodology . Twyl , JimL
White listing comes with any blacklist. The blacklists in particular being discussed were the @dynamics, like the PDL and dynablock at easynet. Both lists quite clearly state how they build their lists and what they are designed to block (dynablock only takes out dialup, and PDL takes out all dynamic addressing). Given the number of insecure client systems on dynamic addressing (proxy servers, trojans, etc), accepting email from dynamic addresses is becoming inherently more dangerous. If smarthosts can't be used from those addresses, then special whitelisting can be done. Of course, the person implementing email blocks of any type, especially public blacklists, must take some ammount of responsibility in maintaining legitimate email communications as dictated by users. -Jack
Hello Jack , On Fri, 30 May 2003, Jack Bates wrote:
Mr. James W. Laferriere wrote: <snip>
White listing is NOT what was being discussed . Tho is can be adventagous in the right circumstances . <snip> And neither was Static addressing . Filtering was being discussed based on some unknown (to me probably others as well) methodology . Twyl , JimL
White listing comes with any blacklist. The blacklists in particular being discussed were the @dynamics, like the PDL and dynablock at easynet. Both lists quite clearly state how they build their lists and what they are designed to block (dynablock only takes out dialup, and PDL takes out all dynamic addressing). Query , How is it determined that the address in question is dynamic or not ? Who/how/what makes that determination ? This is the core of my concerns .
Given the number of insecure client systems on dynamic addressing (proxy servers, trojans, etc), accepting email from dynamic addresses is becoming inherently more dangerous. If smarthosts can't be used from those addresses, then special whitelisting can be done. Highly agreed . But sure am hoping some better solutions are being developed .
Of course, the person implementing email blocks of any type, especially public blacklists, must take some ammount of responsibility in maintaining legitimate email communications as dictated by users. YES ! Without this there is no check &/or balance to the procedure/s in use . Twyl , JimL
-- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network Engineer | P.O. Box 854 | Give me Linux | | babydr@baby-dragons.com | Coudersport PA 16915 | only on AXP | +------------------------------------------------------------------+
On Sat, 31 May 2003, Mr. James W. Laferriere wrote:
White listing comes with any blacklist. The blacklists in particular being discussed were the @dynamics, like the PDL and dynablock at easynet. Both lists quite clearly state how they build their lists and what they are designed to block (dynablock only takes out dialup, and PDL takes out all dynamic addressing). Query , How is it determined that the address in question is dynamic or not ? Who/how/what makes that determination ? This is the core of my concerns .
It's usually determined via in-addr.arpa, whois data, or direct information from the provider. When MAPS was freely available, I used to periodically email them updates on our IP space (please add these dial ranges, please remove these others). I'm sure others did the same. AFAIK, they had at least one FTE who's job it was to maintain the DUL. Those large providers who stole copies of the DUL before MAPS pulled the plug on them, and continued to use them without maintenance still annoy me as we've run into issues multiple times with space removed from the DUL still being in their private copies. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Sat, 31 May 2003 jlewis@lewis.org wrote:
On Sat, 31 May 2003, Mr. James W. Laferriere wrote:
White listing comes with any blacklist. The blacklists in particular being discussed were the @dynamics, like the PDL and dynablock at easynet. Both lists quite clearly state how they build their lists and what they are designed to block (dynablock only takes out dialup, and PDL takes out all dynamic addressing). Query , How is it determined that the address in question is dynamic or not ? Who/how/what makes that determination ? This is the core of my concerns .
It's usually determined via in-addr.arpa, whois data, or direct information from the provider. When MAPS was freely available, I used to periodically email them updates on our IP space (please add these dial ranges, please remove these others). I'm sure others did the same. AFAIK, they had at least one FTE who's job it was to maintain the DUL.
Many providers list their own dynamically assigned blocks voluntarily. It helps the fight against spam to an extent; plus it's good PR. Someday I expect to either see someone create a list of known MTAs through which you must register it with some entity, or a list of everything that isn't an MTA--every statically/dynamically assigned desktop, laptop, home node, etc... If that ever happens the results should be quite interesting.
Those large providers who stole copies of the DUL before MAPS pulled the plug on them, and continued to use them without maintenance still annoy me as we've run into issues multiple times with space removed from the DUL still being in their private copies.
I agree. Something like that could have large chunks go stale in a hurry. If you toss in the number of providers going belly-up since MAPS went commercial, then that's a lot netblocks that shouldn't be in the DUL and aren't if people are paying for a current copy (like we do). Justin
participants (8)
-
Andy Smith
-
Charles Sprickman
-
Crist J. Clark
-
Jack Bates
-
jlewis@lewis.org
-
Justin Shore
-
listuser@numbnuts.net
-
Mr. James W. Laferriere