North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: unwise filtering policy from

  • From: Suresh Ramasubramanian
  • Date: Wed Nov 21 20:26:53 2007
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=5XdLMvqyK9b0ovvrXdQCi6Uu1tVanxVYFE/PFlYRwRk=; b=Ofl3CV7oEknWMQ13db4TGhMN9Sk/m1psDoiHuIg0PGbzSg61ReKXhiCmIdIgOP/U2tA7kUCsZjXOm6p3IrEYDzMHhl+d+mkLf0mKSQ/2WTJrWfuHjpUIFPPziRo/NHVUCRC8rz1TphojBHUV/TDtCkOq/dKIq7HPMaBfgMAlDYY=
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZX6P3bpDzk/4zWu4y4tYc6i8mIRRNUEGAGPLA287GkOLgiYdvSuCIOvsnx8qhiABB79NgyomhhmAdrWbAHPAMPWVoHn+CynF+f+GBgTc9pqVHpqfrs2nnVf8Xipmq8VJlzocieupU2+HFurO362IeJBCCti6yVIv7UaLuu1FHwQ=

On Nov 22, 2007 3:33 AM, Barry Shein <[email protected]> wrote:

> If that ([email protected]) overloads those servers, even if they're
> valiantly trying to pass the connection off to another machine, then
> you have to use some other method like [email protected] or
> [email protected] and hope the clients will somehow use that tho for
> BIGCOMPANY there's a tendency to just bang in [email protected]

... and the RFC says that, and those people that still do manually
report abuse will email [email protected]  or [email protected] instead of
hitting report spam and letting their ISP forward it across in a
feedback loop (which will go to an entirely different, machine parsed
address as the ARF spec is designed to let you do).

You can always alias [email protected] internally to a subdomain if you wish -
but that wouldnt be because [email protected] slows down your MXs.  The smtp load
inbound to  an abuse mailbox will be fairly small compared to the
general load of smtp (and spam) coming your users' way for sure.

There's lots of ways to manage an abuse mailbox (such as filter spam
to your abuse mailbox into a bulk folder, review it and then feed it
to scripts that parse the spam and feed the results to your filters).
MAAWG's been working on an abuse desk bcp for quite some time (the
hard / tech part of it, as well as soft abuse stuff like motivating
and training abuse deskers, giving them career paths etc)

> It can be a problem in joe jobs, as one e.g.
> If you think I'm wrong (or Sean's wrong) even for a milisecond then
> trust me, this is going right over your head. Think again or email me
> privately and I'll try to be more clear.
> P.S. It's an interesting thought. The only approach to a solution I
> could imagine is that the whole address would have to be passed in the
> MX query.
> On November 21, 2007 at 21:06 [email protected] (Paul Jakma) wrote:
>  > >
>  > > An unfortunate limitation of the SMTP protocol is it initially only
>  > > looks at the right-hand side of an address when connecting to a
>  > > server to send e-mail, and not the left-hand side.
>  >
>  > > full) or the normal server administrators may make changes which
>  > > affects all addresses passing through that server (i.e. block by IP
>  > > address).
>  >
>  > I guess you're saying there's something architectural in email that
>  > makes it impossible/difficult (limitation) to apply different policy
>  > to the LHS.
>  >
>  > That's not correct though. The receiving MTA is quite free to apply
>  > differing policies to different LHSes. And at least one MTA allows
>  > you special-case measures applied to tables of addresses, such as
>  > whether DNSbl lookups should be applied.
>  >
>  > SMTP is distributed, so you do of course have to take care to keep
>  > distributed policy consistent. But, again, that has nowt to do with
>  > LHS/RHS of email addresses.
>  >
>  > regards,
>  > --
>  > Paul Jakma   [email protected]   [email protected]  Key ID: 64A2FF6A
>  > Fortune:
>  > A plumber is needed, the network drain is clogged
> --
>         -Barry Shein
> The World              | [email protected]           |
> Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
> Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*

Suresh Ramasubramanian ([email protected])