This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Reliance on rDNS
- Previous message (by thread): [anti-abuse-wg] New on RIPE Labs: SHA2017: Hackers' Camping, RIPE Topics
- Next message (by thread): [anti-abuse-wg] Reliance on rDNS
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Niall O'Reilly
Niall.oReilly+ripe at no8.be
Fri Aug 4 23:35:30 CEST 2017
By co-incidence, this is operationally relevant for me. On 4 Aug 2017, at 20:46, Ronald F. Guilmette wrote: > ox <andre at ox.co.za> you wrote: > > >> For Abuse purposes... Email Administrators should as a rule not >> relay/accept emails from IP numbers with no reverse... > > > I do agree completely. However as is made clear by this exact case, > there are enough inbound mail servers still left on this planet that > do not follow that rule This is not a "rule", but a heuristic of first approximation which, if relied on exclusively and dogmatically, has the consequences of arbitrarily penalizing the innocent, breaking network neutrality, and violating the end-to-end principle. Any of these consequences is itself an abuse. Email administrators and reputation brokers have other information and processes available to them which can be used to mitigate these consequence when appropriate. Failure to do so is either to play the bully or complacently to take the lazy option. I am currently in frustrating correspondence with a reputation broker who rigidly applies this so-called "rule", to whom I have most recently written the following. This is not helpful. The address of this mail server is provisioned dynamically, but has long-term persistence. I have no reason to believe that my connectivity provider can oblige me by implementing the measures you demand. It is not only today or yesterday that more sophisticated and flexible approaches than simple reliance on rDNS data have been available for making assessments of reputation. I have dealt with other reputation services in the past, and have been able to satisfy their requirements for whitelisting after a far shorter exchange of correspondence that the one in which we are now engaged. Your company, by relying, as it apparently does, solely on rDNS data to determine the reputation of the mail server I operate and announcing this reputation to its clients, is choosing act in a way which seems to involve defamation, denial of service, and holding the users of my e-mail system to ransom. This is, quite simply, abuse or, as I put it in an earlier message, bullying. I have re-used this item of correspondence with the intent of illustrating a current operational problem which shows the pernicious effect of the unmitigated application of the so-called "rule" mentioned in earlier posts. It is not my intent, and I hope I have not strayed too far in that direction, to mis-use this list as a channel for reporting abuse. Best regards, Niall O'Reilly
- Previous message (by thread): [anti-abuse-wg] New on RIPE Labs: SHA2017: Hackers' Camping, RIPE Topics
- Next message (by thread): [anti-abuse-wg] Reliance on rDNS
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]