This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] Reliance on rDNS

Previous message (by thread): [anti-abuse-wg] New on RIPE Labs: SHA2017: Hackers' Camping, RIPE Topics
Next message (by thread): [anti-abuse-wg] Reliance on rDNS

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Niall O'Reilly Niall.oReilly+ripe at no8.be
Fri Aug 4 23:35:30 CEST 2017

  By co-incidence, this is operationally relevant for me.

On 4 Aug 2017, at 20:46, Ronald F. Guilmette wrote:

> ox <andre at ox.co.za> you wrote:
>
>
>> For Abuse purposes... Email Administrators should as a rule not
>> relay/accept emails from IP numbers with no reverse...
>
>
> I do agree completely.  However as is made clear by this exact case,
> there are enough inbound mail servers still left on this planet that
> do not follow that rule

  This is not a "rule", but a heuristic of first approximation which,
  if relied on exclusively and dogmatically, has the consequences of
  arbitrarily penalizing the innocent, breaking network neutrality,
  and violating the end-to-end principle.

  Any of these consequences is itself an abuse.

  Email administrators and reputation brokers have other information
  and processes available to them which can be used to mitigate these
  consequence when appropriate.  Failure to do so is either to play
  the bully or complacently to take the lazy option.

  I am currently in frustrating correspondence with a reputation broker
  who rigidly applies this so-called "rule", to whom I have most recently
  written the following.

This is not helpful.

The address of this mail server is provisioned dynamically, but has
long-term persistence. I have no reason to believe that my connectivity
provider can oblige me by implementing the measures you demand.

It is not only today or yesterday that more sophisticated and flexible
approaches than simple reliance on rDNS data have been available for
making assessments of reputation. I have dealt with other reputation
services in the past, and have been able to satisfy their requirements
for whitelisting after a far shorter exchange of correspondence that
the one in which we are now engaged.

Your company, by relying, as it apparently does, solely on rDNS data
to determine the reputation of the mail server I operate and announcing
this reputation to its clients, is choosing act in a way which seems to
involve defamation, denial of service, and holding the users of my
e-mail system to ransom.

This is, quite simply, abuse or, as I put it in an earlier message,
bullying.

  I have re-used this item of correspondence with the intent of
  illustrating a current operational problem which shows the
  pernicious effect of the unmitigated application of the so-called
  "rule" mentioned in earlier posts.

  It is not my intent, and I hope I have not strayed too far in that
  direction, to mis-use this list as a channel for reporting abuse.

  Best regards,

  Niall O'Reilly

Previous message (by thread): [anti-abuse-wg] New on RIPE Labs: SHA2017: Hackers' Camping, RIPE Topics
Next message (by thread): [anti-abuse-wg] Reliance on rDNS

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]