I suggest reputation on the reply-to domain also (if authenticated of course). No more running to other IPs / ESPs if you are a bad boy. You can integrate it in browsers and show it there too (watch out; don't enter your email address here because they will spam you or have spam evading practices [if no authentication takes place]). Show the reputation in the email client if possible. And I would like fine-grained complaining possible (so everyone can filter like the big boys can, one might need the 'ham' numbers too). But you want to be sure such numbers are authentic. David Hofstee Deliverability Management MailPlus B.V. Netherlands (ESP) -----Oorspronkelijk bericht----- Van: mailop [mailto:mailop-bounces@mailop.org] Namens Michael Peddemors Verzonden: Thursday, March 27, 2014 1:06 AM Aan: mailop@mailop.org Onderwerp: Re: [mailop] IPv6 DNSBL On 14-03-26 04:42 PM, John Levine wrote:
As a reliable rule of thumb, any list that's large enough to be interesting is also large enough to be compromised.
I know people who have run whitelists at Returnpath, and I was in charge of the never very successful Spamhaus whitelist. The ones at Returnpath always said that much of the job was dealing with bullshit and deception from people trying to sneak into the whitelist. At Spamhaus, the main problem was that nearly all of the people willing to go to the effort to be whitelisted didn't qualify, which wasn't surprising, since people with good mail behavior rarely have trouble getting their mail delivered.
R's, John
Here Here.. (For instance, we recommend that people running filtering turn those off right away, eg SA..) But we do see a lot of people discussing this here, and at the risk of making even more noise on this list on this subject, and maybe we should kill the thread there.. It would be interesting to get a poll of sorts.. hands please.. (You can reply off-list) Options: 1) Only allow IPv4 to be used for MTA's 2) Create a Registry of Operators/IPs for MTA's on IPv6 3) Allow all IPv6 to be used for MTA's, and use blacklists 4) Other (Suggestions) And if you believe in item 2, (personally I am happy with 1 or 2 and open to 4) what would you expect such a registry to look like? -- "Catch the Magic of Linux..." ------------------------------------------------------------------------ Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic ------------------------------------------------------------------------ A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. ------------------------------------------------------------------------ 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. _______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
On Mar 27, 2014, at 2:37 AM, David Hofstee <david@mailplus.nl> wrote:
I suggest reputation on the reply-to domain also (if authenticated of course). No more running to other IPs / ESPs if you are a bad boy. You can integrate it in browsers and show it there too (watch out; don't enter your email address here because they will spam you or have spam evading practices [if no authentication takes place]). Show the reputation in the email client if possible.
Most are not authenticated. The vast majority of SPAM I see is, among other things, Joe Jobbed. Owen
I suggest reputation on the reply-to domain also (if authenticated of course). No more running to other IPs / ESPs if you are a bad boy. You can integrate it in browsers and show it there too (watch out; don't enter your email address here because they will spam you or have spam evading practices [if no authentication takes place]). Show the reputation in the email client if possible.
Most are not authenticated. The vast majority of SPAM I see is, among other things, Joe Jobbed.
True. But the world must progress too. It would be nice if the spam-issue is better solved on IPv6 (than on IPv4). You would then have a reason to /not/ accept on IPv4 (and give IPv6 a boost). There must be a good reason for people to get of their asses and start implementing things like DMARC. All the banks (!$%^) I talk to do not have any reason to implement it swiftly (they turn on p=none and then all progress stops). Frustrating that they are too lazy to implement a few DNS records. It only needs firm backing by 3+ large companies like Hotmail. Give everyone on IPv6 without DMARC a large spamscore (and publish that beforehand ;-) ). Give me ammunition and all corporates will move. David Hofstee Deliverability Management MailPlus B.V. Netherlands (ESP) -----Oorspronkelijk bericht----- Van: Owen DeLong [mailto:owen@delong.com] Verzonden: Thursday, March 27, 2014 1:40 PM Aan: David Hofstee CC: Michael Peddemors; nanog@nanog.org Onderwerp: Re: [mailop] IPv6 DNSBL On Mar 27, 2014, at 2:37 AM, David Hofstee <david@mailplus.nl> wrote:
I suggest reputation on the reply-to domain also (if authenticated of course). No more running to other IPs / ESPs if you are a bad boy. You can integrate it in browsers and show it there too (watch out; don't enter your email address here because they will spam you or have spam evading practices [if no authentication takes place]). Show the reputation in the email client if possible.
Most are not authenticated. The vast majority of SPAM I see is, among other things, Joe Jobbed. Owen
On Thu, Mar 27, 2014 at 9:21 AM, David Hofstee <david@mailplus.nl> wrote:
There must be a good reason for people to get of their asses and start implementing things like DMARC. All the banks (!$%^) I talk to do not have any reason to implement it swiftly (they turn on p=none and then all progress stops). Frustrating that they are too lazy to implement a few DNS records.
It only needs firm backing by 3+ large companies like Hotmail. Give everyone on IPv6 without DMARC a large spamscore (and publish that beforehand ;-) ). Give me ammunition and all corporates will move.
Please no. DMARC is great for 1:1 direct email (from:me, to:you). Anything other than p=none fails miserably once the scope is expanded. Let me give you examples of things that would fail miserably under your suggestion above: 1) This list 2) The recent, heavily forwarded and reflected, Cisco PSIRT notices. NANOG is not the place to debate this, nor is it the place to advocate self inflicted harm. -Jim P.
participants (3)
-
David Hofstee -
Jim Popovitch -
Owen DeLong