North American Network Operators Group

Re: RBL-type BGP service for known rogue networks?

  • From: Greg A. Woods
  • Date: Sun Jul 09 22:35:29 2000

[ On Sunday, July 9, 2000 at 20:51:23 (-0400), Shawn McMahon wrote: ]
> Subject: Re: RBL-type BGP service for known rogue networks?
>
> Unfortunately, it allows for contradictions in this discussion.

No, it doesn't, at least not so long as everyone understands the
differences in different policy requirements.

I happen to have several separate and distinct policy requirements for
my SMTP server(s):

	- don't ever accept e-mail from any known open relay or any
          network block which has known open relays but won't allow
          finer testing.

	- don't ever accept e-mail from any known dial-up address.

	- don't ever accept e-mail from any known spammer.

	- don't ever allow a remote SMTP server to forge its hostname.

	- don't ever allow the sender address domain to be invalid.

> At least one pro-ORBS person has stated that individuals should make direct
> SMTP connections instead of using their provider's server, and they could thus
> avoid being subject to ORBS testing of their provider.
> 
> Oh, but sorry; if I do that, I can't send Greg A. Woods email, because his system
> doesn't recognize the value in my system having the name "oa.eiv.com" all the
> time, instead of me hacking together sed scripts to change my sendmail config
> to read something like "user1432.fl.sprint-hsd.net" every time I get a new
> dynamic IP.

You've confused my policy requirements.  Please see above.

> If I switch to using my provider's SMTP server, now I have a security issue
> because it's going through a server I don't control and which could conceivably
> screw up and get itself ORBS-listed at any moment, completely outside my control.

Use PGP and encrypt your e-mail if you want security and control.

Either that or buy yourself a real Internet connection with a static
address and run your own *real* SMTP server.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <[email protected]>      <robohack!woods>
Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>
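
The five acceptance policies listed in the message above, sketched as one connection-time check. This is an added example, not code from the original post or from its author's mail server; the DNSBL zone names, the in-memory DNS table and the forward-lookup test for a forged HELO name are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline (documentation addresses only).
DNS = {
    ("A", "10.2.0.192.relays.example.invalid"): ["127.0.0.2"],
    ("A", "7.113.0.203.dialups.example.invalid"): ["127.0.0.2"],
    ("A", "mail.example.org"): ["198.51.100.25"],
    ("MX", "example.org"): ["mail.example.org"],
}
# Hypothetical DNSBL zones, one per "known ..." policy in the message.
ZONES = [("relays.example.invalid", "known open relay"),
         ("dialups.example.invalid", "known dial-up address"),
         ("spammers.example.invalid", "known spammer")]

def lookup(rtype, name, dns=DNS):
    return dns.get((rtype, name.lower().rstrip(".")), [])

def dnsbl_listed(ip, zone, dns=DNS):
    # DNSBL convention: reverse the IPv4 octets, append the zone; any A record means listed.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return bool(lookup("A", ".".join(reversed(octets)) + "." + zone, dns))

def helo_forged(ip, helo, dns=DNS):
    # Assumed test: the announced name must resolve forward to the connecting address.
    return ip not in lookup("A", helo, dns)

def sender_domain_valid(mail_from, dns=DNS):
    _, at, domain = mail_from.rpartition("@")
    if not at or not domain:
        return False
    return bool(lookup("MX", domain, dns) or lookup("A", domain, dns))

def check(ip, helo, mail_from, dns=DNS):
    """Return (SMTP reply code, reason) for the first policy the session violates."""
    for zone, reason in ZONES:
        if dnsbl_listed(ip, zone, dns):
            return 550, reason
    if helo_forged(ip, helo, dns):
        return 550, "forged HELO hostname"
    if not sender_domain_valid(mail_from, dns):
        return 550, "invalid sender domain"
    return 250, "ok"

if __name__ == "__main__":
    for session in [("198.51.100.25", "mail.example.org", "user@example.org"),
                    ("192.0.2.10", "mail.example.org", "user@example.org"),
                    ("198.51.100.77", "mail.example.org", "user@example.org")]:
        print(session, check(*session))
```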