Re: spoofing email addresses

[Nathaniel Borenstein <nsb@xxxxxxxxxxxxx>]

Please stop this random speculating.  The ISP that was blocked is not  
my current ISP (I moved last fall), so none of this is relevant.  And  
if I'm dealing with Hurricane now, well, that's the first I'd heard of  
it, since I'm downstream on a hosted service and never bothered to  
check who all my upstream providers are.  Are you seriously asserting  
that I deserve to be blocked if I don't confirm that all my upstream  
ISP's are complying with J. Random Blacklist?

However, you are right that my current laptop configuration is one of  
many that won't work when Caller-ID or SPF records come into use for  
the domain guppylake.com.  At that point, obviously, I will change my  
laptop's configuration.  My sincere hope is that by the time that  
happens, I will have a better option for smtp submission.  Blocking  
port 25 will most assuredly *not* help that problem.  -- Nathaniel

On May 30, 2004, at 12:47 PM, Vernon Schryver wrote:

> > Received: from mail.optistreams.net (206-169-2-196.gen.twtelecom.net  
> > [206.169.2.196])
> >        by calcite.rhyolite.com (8.12.11/8.12.11) with ESMTP id  
> > i4UG8bio077225
> >        for <vjs@xxxxxxxxxxxxxxxxxxxx> env-from <nsb@xxxxxxxxxxxxx>;
> >        Sun, 30 May 2004 10:08:38 -0600 (MDT)
>
> > From: Nathaniel Borenstein <nsb@xxxxxxxxxxxxx>
>
> > > Mr. Borenstein and others like him expect the rest of us to subsidize
> > > their $30/month connectivity by dealing with the network abuse of his
> > > fellow customers, because they find $30/month comfortable.
> >
> > Just for the record, I spend plenty more than $30 per month on  
> > Internet
> > connectivity, as does my employer.  My views on this have nothing to  
> > do
> > with the cost of my Internet service, which is why I said nothing  
> > about
> > such costs. Since your message seems to be based entirely on a
> > misguided assessment of my motives, there's not much else in it that
> > needs to be answered.  (We could argue forever about what constitutes  
> > a
> > monopoly, but I doubt any minds would be changed.)
> >
> > Port 25 blocking may be sometimes necessary simply to preserve the
> > integrity of a network under heavy spam attack.
>
> Perhaps I am mistaken, but I believe that Mr. Borenstein has mentioned
> his costs in the past.  His recent talk about the supposed "near
> monopolies" of "cable providers" makes absolutely no sense except
> in the context of $30/month services.
>
> The copy of his message appears to have been sent to my SMTP server
> from one of those $30/month accounts.  Mr. Borenstein certainly has
> complained about some sort of blocking of his mail.  I think that
> blocking involved a cable provider account.  However, if the blocking
> that bothered him was not from his TimeWarner acocunt, then perhaps
> this is relevant:
>
> traceroute to guppylake.com (64.71.173.70), 64 hops max, 44 byte  
> packets
> 11  ix-8-0.core1.SanJose.teleglobe.net (66.198.97.18)  59.309 ms
> 12  pos2-3.gsr12416.pao.he.net (66.220.13.42)  119.297 ms
> 13  pos2-0.gsr12012.fmt.he.net (64.62.249.121)  61.106 ms
> 14  64.71.173.70 (64.71.173.70)  62.479 ms
>
> traceroute to thehideout.net (64.71.176.110), 64 hops max, 44 byte  
> packets
> 13  pos2-0.gsr12012.fmt.he.net (64.62.249.121)  60.953 ms
> 14  64.71.176.110 (64.71.176.110)  61.028 ms
>
>
> Hurricane Electric has earned a reputation as a provider that avoids
> dealing with reports of spam sent by its customers except by
> forwarding them reports to its customers.  See
> http://groups.google.com/groups? 
> scoring=d&q=+%22he.net%22+group%3A*email
> http://groups.google.com/groups?scoring=d&as_epq=Hurricane%20Electric
> http://groups.google.com/groups? 
> scoring=d&q=+%22he.net%22+group%3A*abuse*
>
> Juging from http://spews.org/html/S2100.html 64.71.173.70 is currently
> listed by SPEWS at level 2.  (I do not use or advocate SPEWS' list;
> I'm pointing out SPEWS' data only to support my point about the  
> supposed
> unfairness of the blocking of Mr. Borenstein's mail.)
>
> >                                                  But I believe that a
> > long-term solution is possible that will be both more effective and
> > less restrictive.  My own focus is on that long-term planning, and I
> > just can't see port 25 blocking as anything more than a rather
> > problematic stopgap measure in advance of a more spam-resistant
> > infrastructure for SMTP message submission.
>
> People have been talking about such ideas since Cyberpromo's day.  The
> closest thing that has ever been implemented and proven effective is
> blocking port 25 SYNs from blocks of IP address that have a better
> than 99.9% probability of sending only spam and worms, namely the IP
> addresses of spammers and of "dynamic address."  In practice the latter
> is synonmous with block port 25 for $30/month accounts.
>
> Blocking port 25 from $30/month accounts does not affect SMTP-SUBMIT,
> which is the IETF standardized "spam-resistant infrastructure for SMTP
> message submission."   One must wonder how Mr.  Borenstein's mail could
> be blocked by the sort of blocking he has repeatedly complained about
> if he used SMTP-SUBMIT to reach reputable MTAs.
>
> Note also the disconnect between the reverse-DNS of Mr. Borenstein's
> SMTP client and his envelope Mail_From and header From: values,
> and the lack of DNS RRs supporting any of the proposals for DNS-based
> sender authentication.  According to the advocates of those mechanisms,
> Mr. Borenstein's is "forging" his messages.
>
>
> Vernon Schryver    vjs@xxxxxxxxxxxx
>
> _______________________________________________
>
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf