Re: [ietf-smtp] own mail server: DNS / static IP / no bad reputation?

Ned Freed <ned.freed@mrochek.com> Mon, 12 October 2020 21:33 UTC

Cc: Ned Freed <ned.freed@mrochek.com>, ietf-smtp@ietf.org
Message-id: <01RQQ33GYXOW005PTU@mauve.mrochek.com>
Date: Mon, 12 Oct 2020 14:03:57 -0700 (PDT)
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Mon, 12 Oct 2020 16:38:24 -0400" <3d771644-efdf-7e69-9f1e-358196de08@taugh.com>
References: <01RQPKW2Y2E8005PTU@mauve.mrochek.com> <20201012184303.C3C2B234F9AF@ary.qy> <01RQQ0B48LT0005PTU@mauve.mrochek.com> <3d771644-efdf-7e69-9f1e-358196de08@taugh.com>
To: John R Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/zTeVTFKVLrl3KV6reBMq6Lf14zk>
Subject: Re: [ietf-smtp] own mail server: DNS / static IP / no bad reputation?

> > Please reread my message, this time noting the examples I gave. This goes well
> > past happenstance spam sewer adjacency and into legit senders not following
> > rules somebody just made up or changed.

> Could you be clearer about "a single noisy neighbor sending a bit too
> much mail without jumping through the necessary hoops."

Since this is a neighbor of a friend (I'm relying on what was said when the
block was removed) I don't know for sure the specific hoop that wasn't jumped
through, but given the players involved I'd venture to guess that it had to do
with exceeding a rate limit.

In contrast, the problem I was dealing with on my own mail system was resolved
by a combination of limiting the number of open connections and the number of
transactions attempted on those connections, along with setting up an MX rollup
so all the domains this particular MSP serves come under the same restriction.

> I've seen individual senders blocked for being new (it was pretty comical
> what MS did when I set up a 30 day test account at O365 last month) but I
> haven't seen that block an entire IP range.  Bot spam will do that.

I don't think I've seen a block or rate limit for being new propagate to other,
established IPs in the range. But I have seen the time it takes for a source to
be considered "OK" increase.

Our commercial delivery service has dozens - hundreds - of rules implementing a
myriad of restrictions in order to be able to send commercial opt-in mail
successfully. And that's fine, I guess, but when an elaborate setup is needed
just to be a small sender, and even that can be blown away on a whim, I think
things have gone too far.

> > Is "filter responsibly" also off the table?

> Depends how much you want to pay people to accept your mail.  I don't
> think we want to go there.

My problem here is that you seem content with coming up with an excuse
for any blocking people do, no matter how capricious, no matter how arbitrary.

Left unchecked, the outcome will be that email becomes the sole province of a
handful of large MSP/ISPs. And while I'm sure these providers think they are
smart enough to keep the current email service running in such a world,
experience with other sorts of social media indicates they aren't nearly as
smart as they need to be, or for that matter as they think they are.

				Ned
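
An illustration of the sender-side controls described in the message above (a cap on open connections, a cap on transactions per connection, and an MX rollup so every domain one provider hosts shares the same budget). It is added here and is not part of the original post or the author's configuration; the domains, MX hostnames, limits and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: recipient domain -> MX hostnames (not real DNS lookups).
SAMPLE_MX = {
    "alpha.example": ["mx1.bigmsp.example", "mx2.bigmsp.example"],
    "beta.example": ["mx2.bigmsp.example", "mx1.bigmsp.example"],
    "gamma.example": ["mail.gamma.example"],
}
# Constructed outbound queue: (recipient domain, message id).
SAMPLE_QUEUE = ([("alpha.example", f"a{i}") for i in range(5)]
                + [("beta.example", f"b{i}") for i in range(4)]
                + [("gamma.example", "g0")])


def rollup_key(mx_hosts, labels=2):
    """Collapse MX hostnames to their trailing labels so that all domains
    served by one provider map to one key. Assumption: the last two labels
    identify the operator; a deployment would use an explicit mapping or a
    public-suffix list instead."""
    suffixes = {".".join(h.lower().rstrip(".").split(".")[-labels:])
                for h in mx_hosts}
    return ",".join(sorted(suffixes))


def plan_deliveries(queue, mx_map, max_conns=2, max_txn_per_conn=3, rollup=True):
    """Pack queued messages into connections without exceeding either limit.

    With rollup=True the limits apply per MX provider; with rollup=False they
    apply per recipient domain, which lets several domains hosted by the same
    provider each consume a full budget against the same servers.
    Returns (plan, deferred): plan maps key -> list of connections (each a
    list of message ids); deferred maps key -> messages held for a later run.
    """
    by_key = defaultdict(list)
    for domain, msg_id in queue:
        key = rollup_key(mx_map[domain]) if rollup else domain
        by_key[key].append(msg_id)

    plan, deferred = {}, {}
    capacity = max_conns * max_txn_per_conn
    for key, msgs in by_key.items():
        now, later = msgs[:capacity], msgs[capacity:]
        plan[key] = [now[i:i + max_txn_per_conn]
                     for i in range(0, len(now), max_txn_per_conn)]
        if later:
            deferred[key] = later
    return plan, deferred
```

On the sample queue, the rolled-up plan opens two connections to the shared provider and defers three messages, while the per-domain plan opens four connections to the same MX hosts and defers nothing.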