Re: spoofing email addresses

Please stop this random speculating. The ISP that was blocked is not my current ISP (I moved last fall), so none of this is relevant. And if I'm dealing with Hurricane now, well, that's the first I'd heard of it, since I'm downstream on a hosted service and never bothered to check who all my upstream providers are. Are you seriously asserting that I deserve to be blocked if I don't confirm that all my upstream ISPs are complying with J. Random Blacklist?

However, you are right that my current laptop configuration is one of many that won't work when Caller-ID or SPF records come into use for the domain guppylake.com. At that point, obviously, I will change my laptop's configuration. My sincere hope is that by the time that happens, I will have a better option for SMTP submission. Blocking port 25 will most assuredly *not* help that problem.

-- Nathaniel

On May 30, 2004, at 12:47 PM, Vernon Schryver wrote:

Received: from mail.optistreams.net (206-169-2-196.gen.twtelecom.net [206.169.2.196])
    by calcite.rhyolite.com (8.12.11/8.12.11) with ESMTP id i4UG8bio077225
    for <vjs@xxxxxxxxxxxxxxxxxxxx> env-from <nsb@xxxxxxxxxxxxx>;
    Sun, 30 May 2004 10:08:38 -0600 (MDT)

From: Nathaniel Borenstein <nsb@xxxxxxxxxxxxx>

Mr. Borenstein and others like him expect the rest of us to subsidize
their $30/month connectivity by dealing with the network abuse of his
fellow customers, because they find $30/month comfortable.

Just for the record, I spend plenty more than $30 per month on Internet
connectivity, as does my employer. My views on this have nothing to do
with the cost of my Internet service, which is why I said nothing about
such costs. Since your message seems to be based entirely on a
misguided assessment of my motives, there's not much else in it that
needs to be answered. (We could argue forever about what constitutes a
monopoly, but I doubt any minds would be changed.)


Port 25 blocking may be sometimes necessary simply to preserve the
integrity of a network under heavy spam attack.

Perhaps I am mistaken, but I believe that Mr. Borenstein has mentioned his costs in the past. His recent talk about the supposed "near monopolies" of "cable providers" makes absolutely no sense except in the context of $30/month services.

The copy of his message appears to have been sent to my SMTP server
from one of those $30/month accounts.  Mr. Borenstein certainly has
complained about some sort of blocking of his mail.  I think that
blocking involved a cable provider account.  However, if the blocking
that bothered him was not from his TimeWarner account, then perhaps
this is relevant:

traceroute to guppylake.com (64.71.173.70), 64 hops max, 44 byte packets
11 ix-8-0.core1.SanJose.teleglobe.net (66.198.97.18) 59.309 ms
12 pos2-3.gsr12416.pao.he.net (66.220.13.42) 119.297 ms
13 pos2-0.gsr12012.fmt.he.net (64.62.249.121) 61.106 ms
14 64.71.173.70 (64.71.173.70) 62.479 ms


traceroute to thehideout.net (64.71.176.110), 64 hops max, 44 byte packets
13 pos2-0.gsr12012.fmt.he.net (64.62.249.121) 60.953 ms
14 64.71.176.110 (64.71.176.110) 61.028 ms



Hurricane Electric has earned a reputation as a provider that avoids
dealing with reports of spam sent by its customers except by
forwarding them reports to its customers. See
http://groups.google.com/groups?scoring=d&q=+%22he.net%22+group%3A*email
http://groups.google.com/groups?scoring=d&as_epq=Hurricane%20Electric
http://groups.google.com/groups?scoring=d&q=+%22he.net%22+group%3A*abuse*


Judging from http://spews.org/html/S2100.html 64.71.173.70 is currently
listed by SPEWS at level 2. (I do not use or advocate SPEWS' list;
I'm pointing out SPEWS' data only to support my point about the supposed
unfairness of the blocking of Mr. Borenstein's mail.)


                                                 But I believe that a
long-term solution is possible that will be both more effective and
less restrictive.  My own focus is on that long-term planning, and I
just can't see port 25 blocking as anything more than a rather
problematic stopgap measure in advance of a more spam-resistant
infrastructure for SMTP message submission.

People have been talking about such ideas since Cyberpromo's day. The closest thing that has ever been implemented and proven effective is blocking port 25 SYNs from blocks of IP addresses that have a better than 99.9% probability of sending only spam and worms, namely the IP addresses of spammers and of "dynamic address." In practice the latter is synonymous with blocking port 25 for $30/month accounts.

Blocking port 25 from $30/month accounts does not affect SMTP-SUBMIT,
which is the IETF standardized "spam-resistant infrastructure for SMTP
message submission."   One must wonder how Mr.  Borenstein's mail could
be blocked by the sort of blocking he has repeatedly complained about
if he used SMTP-SUBMIT to reach reputable MTAs.

Note also the disconnect between the reverse-DNS of Mr. Borenstein's
SMTP client and his envelope Mail_From and header From: values,
and the lack of DNS RRs supporting any of the proposals for DNS-based
sender authentication.  According to the advocates of those mechanisms,
Mr. Borenstein is "forging" his messages.


Vernon Schryver vjs@xxxxxxxxxxxx


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
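
The comparison raised in the quoted message, between the SMTP client's reverse-DNS name and the envelope and header sender domains, can be run mechanically over a sendmail-style Received line. This is an added example, not part of either author's message; the sample headers are constructed with reserved example names, and the two-label domain comparison is a simplifying assumption.

```python
import re

# Sendmail-style trace line: from HELO (RDNS [IP]) ... env-from <ADDR>
TRACE_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]"
    r".*?env-from\s+<(?P<env_from>[^>]*)>",
    re.DOTALL,
)

def registered_domain(name):
    # Assumption: the last two labels approximate the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def addr_domain(addr):
    # Returns None for the null sender "<>" used by bounces.
    return addr.rsplit("@", 1)[1] if "@" in addr else None

def check_alignment(received, header_from):
    """List the mismatches between client identity and sender domains."""
    m = TRACE_RE.search(received)
    if m is None:
        raise ValueError("Received line is not in the expected format")
    env_dom = addr_domain(m["env_from"])
    findings = []
    if m["rdns"] is None:
        findings.append("no-rdns")
    if env_dom is None:
        findings.append("null-sender")
        return findings  # nothing to align against
    env_reg = registered_domain(env_dom)
    if m["rdns"] and registered_domain(m["rdns"]) != env_reg:
        findings.append("rdns-vs-envelope")
    if registered_domain(m["helo"]) != env_reg:
        findings.append("helo-vs-envelope")
    hdr_dom = addr_domain(header_from)
    if hdr_dom is None or registered_domain(hdr_dom) != env_reg:
        findings.append("envelope-vs-from")
    return findings

# Constructed samples (RFC 2606 names, RFC 5737 addresses), not real mail.
MISMATCHED = ("Received: from mail.relay.example (203-0-113-7.dyn.access.example [203.0.113.7])\n"
              "\tby mx.receiver.example (8.12.11/8.12.11) with ESMTP id CONSTRUCTED01\n"
              "\tfor <rcpt@receiver.example> env-from <alice@sender.example>;")
ALIGNED = ("Received: from mail.sender.example (mail.sender.example [198.51.100.5])\n"
           "\tby mx.receiver.example with ESMTP id CONSTRUCTED02\n"
           "\tfor <rcpt@receiver.example> env-from <alice@sender.example>;")
NO_RDNS_BOUNCE = ("Received: from laptop ([192.0.2.9])\n"
                  "\tby mx.receiver.example with ESMTP id CONSTRUCTED03\n"
                  "\tfor <rcpt@receiver.example> env-from <>;")
```

A non-empty result is a signal to weigh, not a verdict: mail relayed through a third-party provider's server produces the same mismatches as mail with a falsified sender.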



