Re: [Asrg] DNSBL and IPv6

"Peter J. Holzer" <hjp-asrg@hjp.at> Sun, 21 October 2012 21:20 UTC

Date: Sun, 21 Oct 2012 23:20:40 +0200
From: "Peter J. Holzer" <hjp-asrg@hjp.at>
To: asrg@irtf.org
Message-ID: <20121021212040.GE3248@hjp.at>
References: <121020072504.ZM5005@torch.brasslantern.com> <20121020214257.3127.qmail@joyce.lan>

On 2012-10-20 21:42:57 -0000, John Levine wrote:
> >} Is there a reason why a legitimate MTA (talking to MXs, not submission
> >} servers) would want to hop around in its net?
> 
> Probably not, although I'm waiting for ESPs to figure out that if they
> send every message from a different IP,

I thought of that but I wouldn't be surprised to overflow the router's
ARP table even with our moderately sized mailing-lists (a few thousand
subscribers at most). That's why I only mentioned "one address per
customer", not "one address per message" as a likely tactic.

> it'll be much easier to process bounces and complaints since all
> they'll need is the IP to figure out what the list and address was.

Is it? For mailing-lists, I think VERP is simpler and more robust. The
IP address is buried somewhere in the Received headers of the bounced
message, so you have to parse those. For complaints to an ISP about a
customer that might indeed be useful. Depends on what information is
included in the complaint. If it contains the complete header of the
message there is probably other identifying information. If it doesn't,
chances are that the IP address isn't included, either.

> Bad guys could use it to listwash, of course, but it's not totally
> ridiculous.

There are other ways to listwash. I'm more worried that the bad guys are
using rapidly changing IP addresses to escape or overflow BLs.

	hp

-- 
   _  | Peter J. Holzer    | One's own mind still feels razor-sharp.
|_|_) | Sysadmin WSR       | But the rest of the world gets it less
| |   | hjp@hjp.at         | and less.
__/   | http://www.hjp.at/ |   -- Matthias Kohrs in desd
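
Added example, not part of the original message or of any list software: the two bounce-attribution schemes compared above, written in Python. VERP carries the subscriber in the envelope sender, while the one-address-per-recipient scheme has to recover it from the Received headers of a returned message. The list address, the 2001:db8:0:1::/64 documentation prefix, the subscriber numbering and the sample headers are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from typing import Optional

# Assumptions for illustration: hypothetical list address, documentation prefix.
LIST_LOCAL, LIST_DOMAIN = "news-bounces", "lists.example.org"
SENDING_NET = ipaddress.IPv6Network("2001:db8:0:1::/64")
IPV6_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:]+)\]")

def verp_encode(rcpt: str) -> str:
    """VERP: put the subscriber address into the envelope sender."""
    local, domain = rcpt.rsplit("@", 1)
    return f"{LIST_LOCAL}+{local}={domain}@{LIST_DOMAIN}"

def verp_decode(bounce_rcpt: str) -> Optional[str]:
    """Recover the subscriber from the address a bounce was delivered to."""
    local, _, domain = bounce_rcpt.rpartition("@")
    prefix = LIST_LOCAL + "+"
    if domain != LIST_DOMAIN or not local.startswith(prefix):
        return None
    user, sep, dom = local[len(prefix):].rpartition("=")
    return f"{user}@{dom}" if sep else None

def source_ip(subscriber_id: int) -> ipaddress.IPv6Address:
    """One source address per recipient: subscriber number in the low bits."""
    return SENDING_NET[subscriber_id]

def subscriber_from_received(returned_headers: str) -> Optional[int]:
    """Scan Received headers of a returned message for an address in our net."""
    msg = message_from_string(returned_headers)
    for received in msg.get_all("Received", []):
        for literal in IPV6_LITERAL.findall(received):
            try:
                addr = ipaddress.IPv6Address(literal)
            except ValueError:
                continue  # bracketed text that is not a valid IPv6 address
            if addr in SENDING_NET:
                return int(addr) - int(SENDING_NET.network_address)
    return None  # the bounce carried no usable headers

# Constructed sample: headers of a returned message as quoted in a bounce.
SAMPLE_HEADERS = (
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 0000000001\n"
    "Received: from out.lists.example.org (unknown [IPv6:2001:db8:0:1::2a])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 0000000002\n"
    "Subject: constructed sample\n\n"
)

if __name__ == "__main__":
    print(verp_decode(verp_encode("alice@example.com")))
    print(source_ip(42), subscriber_from_received(SAMPLE_HEADERS))
```

The VERP path needs only the address the bounce arrived at; the IP path returns `None` whenever the bounce omits the original headers, which is the case the message points out.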