Re: [Asrg] [IP] 4 Rivals Almost United on Ways to Fight Spam

[Markus Stumpf <maex-lists-spam-ietf-asrg at Space.Net>]

On Mon, Jun 28, 2004 at 12:37:48PM -0700, George Ou wrote:
> That is a misleading number even if it is accurate.

It is accurate. See the posting of last week:
    http://www1.ietf.org/mail-archive/web/asrg/current/msg10425.html
And it is NOT misleading.

> What happens when
> you're collocating your domain with others on the same IP address?  If you
> black list an IP address that was being shared by 100 virtual domains, that
> has too much collateral damage for the 99 other well behaving domains that
> might be sharing the same IP address with the one bad apple.

It is about admins giving other admins a hint, as whether that IP address
is meant to be a MTA sending to other MTAs or not. For DE it reduces
- with the assumption of count(receiving MTA) approx. count(sending MTA) -
the number of IP addresses I accept eMails from, from some million to
about 150000.
DNSBLs don't care about virtual domains right now. If a server is abused
it is blacklisted and that is the only correct method until the admin
takes action. But we're not talking about DNSBLs here, but about owners
of IP space giving hints.

And about collateral damage: this will lead to a cleanup. "colocators"
with a rented PIII and 100 virtual domains with dumping prices and no
monitoring or caring or abuse handling will die and leave room for
responsible people with servers closely maintained and monitored.
Problem solved.

> Black listing
> a domain name in a post domain level authentication world is far more
> effective.  It would not matter if that domain moved to a new IP address.

Moving a "legal" domain will be a pain, as you would have to update your
SPF records to have the new IP address listed. Changing ISPs even with
100 domains will become a nightmare for resellers.

About blacklisting domains:

> However, there are times that IP level blocking is appropriate.  Ultimately,
> IP and Domain level blocking will be small piece of the treatment for spam.
> Sender ID and Domain Keys are just a new weapon we have in fighting spam.
> It doesn't replace all of the current effective techniques of combating
> spam, it complements them.

No they don't. They open a wide new field for post Sender ID and Domain
Key systems that are needed to accredit the information in the SPF
records or you will be vulnerable to "throwaway domains". 1000 domains
for USD 5000 (or even cheaper) leaves a lot of room. Short-TTL *valid*
SPF records pointing to a network of 150000 abused DSL hosts
    http://www.wired.com/news/business/0,1367,60747,00.html
    http://www.circleid.com/article/162_0_1_0_C/
that is highly adaptable. For that SPF, Caller-ID, DomainKeys et all
will not change a thing without additional accreditation services.

And one day, not too far away, DNS queries will outnumber SMTP and HTTP
even in bandwidth ;-P

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg