Re: [Asrg] Too Big to Block?

Dotzero <dotzero@gmail.com> Wed, 08 July 2009 19:20 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7E4BF3A6AC4 for <asrg@core3.amsl.com>; Wed, 8 Jul 2009 12:20:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mSOcFqY5CTUz for <asrg@core3.amsl.com>; Wed, 8 Jul 2009 12:20:36 -0700 (PDT)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.26]) by core3.amsl.com (Postfix) with ESMTP id 8A0CE3A6A70 for <asrg@irtf.org>; Wed, 8 Jul 2009 12:20:36 -0700 (PDT)
Received: by qw-out-2122.google.com with SMTP id 5so2167416qwd.7 for <asrg@irtf.org>; Wed, 08 Jul 2009 12:21:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=XPZfOnrovhMqiGlMmbbBRuE2S07A3b7mFmAqESGds6Y=; b=iki2+ZhOhDxzUoPGX3AutInYmkHPoxNqHbNWnr/ELqfA5HrT4W1CzIUZ3UczNmjUgG b19PM0skZeAXB1Y7rsRfzAYjz3Z644hjhhPow3ip+3TIAP5J755IpxIOTjWHuW8e0bZF wci7MC/JWZT7iNkllamnFNwz5kj1l6DVVXq6Q=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=V2JkH49zg6aqki2Qs8LG0RMf+qNHb/I9jD3sK1pZS56kBtCbpS9GrcJuQBJsvsbwah CTf5HOJW/aR3KlyBSNWMZsCp7DqJviNksYp3tub6Da4+b461575zPbzdfu++q1S3K59E AlEipMC/GxrhADctaCfYBB21nc7MO92fj/jbI=
MIME-Version: 1.0
Received: by 10.229.84.6 with SMTP id h6mr3785548qcl.19.1247080862406; Wed, 08 Jul 2009 12:21:02 -0700 (PDT)
In-Reply-To: <4A54E4A0.30309@nortel.com>
References: <20090623213728.1825.qmail@simone.iecc.com> <20090624160052.B5DC62428A@panix5.panix.com> <4A426B9D.7090901@mines-paristech.fr> <4A43618A.6000205@tana.it> <4A4F7DD0.4040404@billmail.scconsult.com> <4A51D35E.70306@tana.it> <4A52C36D.6040207@billmail.scconsult.com> <20090708141747.GA2822@gsp.org> <20090708155704.GN15652@verdi> <4A54E4A0.30309@nortel.com>
Date: Wed, 8 Jul 2009 15:21:02 -0400
Message-ID: <7ae58c220907081221l64fc6278u5f97bb3ea71e922f@mail.gmail.com>
From: Dotzero <dotzero@gmail.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Asrg] Too Big to Block?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2009 19:20:37 -0000

On Wed, Jul 8, 2009 at 2:25 PM, Chris Lewis<clewis@nortel.com> wrote:
> John Leslie wrote:
>
>>   More useful is something like, "Hotmail MTA #49 is sending more spam
>> than usual right now: more severe graylisting might be called for."
>
> What good does graylisting do to a real MTA?  Unless MTA #49 is sending you
> enough email that forcing it to requeue causes it problems, it won't do
> anything useful.
>
> We've tended to let our automated defenses "fire where they may".  If MTA
> #49 is sending us so much spam that the defenses fire, they fire, and we
> don't whitelist.
>

+1

I think whitelisting has value in forcing senders that want to reach
certain receivers to engage in certain practices. I don't know that
whitelisting buys (or should buy) a sender protection from their own
bad practices. I will add a caveat to what Chris says. Some receivers
do a really good job of tuning their automatic defenses. Others are
not so careful.

> If the problem gets bad enough, we block /24s worth.  With MSN and Yahoo,
> that turns out to work particularly well, because at least with Nigerian
> floods and their provisioning methods, specific /24s tend to be
> substantially worse than others.
>
> Then we make a big public & private noise.  And sometimes things get better.
>
>

Sometimes they do. I believe der mouse commented about the big ISPs
not caring. I think they do but are having to deal with aggressive
attacks abusing their systems. On the other hand, life isn't fair <G>.