This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Reliance on rDNS
- Previous message (by thread): [anti-abuse-wg] Reliance on rDNS
- Next message (by thread): [anti-abuse-wg] Abuse & ipv6 - Email Servers and e-Registry
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ox
andre at ox.co.za
Sat Aug 5 06:33:56 CEST 2017
On Fri, 04 Aug 2017 16:28:51 -0700 "Ronald F. Guilmette" <rfg at tristatelogic.com> wrote: > "Niall O'Reilly" <Niall.oReilly+ripe at no8.be> wrote: > >On 4 Aug 2017, at 20:46, Ronald F. Guilmette wrote: > >> I do agree completely. However as is made clear by this exact > >> case, there are enough inbound mail servers still left on this > >> planet that do not follow that rule {to accept only inbound mail > >> from SMTP clients > > with reverse DNS implmented} > > This is not a "rule", but a heuristic of first approximation which, > > if relied on exclusively and dogmatically, has the consequences of > > arbitrarily penalizing the innocent, breaking network neutrality, > > and violating the end-to-end principle. > > Any of these consequences is itself an abuse. > > Email administrators and reputation brokers have other information > > and processes available to them which can be used to mitigate these > > consequence when appropriate. Failure to do so is either to play > > the bully or complacently to take the lazy option. > > Well, actually, I do agree, mostly, with Niall O'Reilly's primary > point here, and I apologize for having been a little less than > precise in my earlier comments on this topic. > I do not agree with Niall O'Reilly's primary point at all, I do agree with some of your reply. Neither of your points address the balance between rights and responsibilities. People has to be responsible for their abuse. So, "net neutrality" the "innocent" and the "end-to-end principle" has to be in balance with other OBVIOUS inalienable rights. Instead of a long and technical response I am simply going to say this: If you provide a service of transporting email for other people (much like a bank handling money) you must at the very least have a fixed IP number and that IP number must have a reverse name configured to it. Insisting that you should have the "freedom" to relay bulk emails from random IP numbers with no reverse zone configured, even if presenting an eloquent argument is fatally flawed and frankly, stupid. And, rDNS is not the be all and end all of anything, it is simply one of hundreds of important factors in relaying email. If all email servers (100% and not +-75%) where to enforce this, basic rule, there would be less reason for criminals to hijack IP ranges. So, as the majority already do impose this simple and obvious restriction, I am simply pleading and advocating to the remaining, small minority. Some of which are also on this list... Andre
- Previous message (by thread): [anti-abuse-wg] Reliance on rDNS
- Next message (by thread): [anti-abuse-wg] Abuse & ipv6 - Email Servers and e-Registry
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]