Re: How I deal with (false positive) IP-address blacklists...

Dave CROCKER <dhc2@dcrocker.net> Tue, 09 December 2008 23:19 UTC

Message-ID: <493EFD06.8070107@dcrocker.net>
Date: Tue, 09 Dec 2008 15:19:34 -0800
From: Dave CROCKER <dhc2@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: alh-ietf@tndh.net
Subject: Re: How I deal with (false positive) IP-address blacklists...
References: <01N2VWXW3J4M00007A@mauve.mrochek.com> <C0F2465B4F386241A58321C884AC7ECC09EB3C5F@E03MVZ2-UKDY.domain1.systemhost.net> <01N2VZWB0O8800007A@mauve.mrochek.com> <080001c95a51$fb11ac20$f1350460$@net>
In-Reply-To: <080001c95a51$fb11ac20$f1350460$@net>
Cc: ned+ietf@mauve.mrochek.com, ietf@ietf.org

Tony,

Please re-read what Ned wrote.  It was about evidence based on extensive 
experience, as opposed to evidence based on far less experience.

His note had nothing to do with "sacrificing" smaller operators.  It had to do 
with smaller operators who are more likely to have much less expertise.

The thread is about the problem with basing strategic protocol decisions on tiny 
sample sizes, often numbering one datum.

As for the reason for false positives, they are numerous.  But the underlying 
issue is with the inherent requirement for heuristics.  That's not due to some 
operators being big or small and/or insensitive or incompetent.  It's the nature 
of the technical and operational realities.  Heuristics produce statistical 
results and statistics invite a trade-off between Type I and Type II errors.  A 
tradeoff means you can't get either perfect.

Some operators (big or small) choose to deal with that fact badly.  Others deal 
with it well.

The tenor of the topic, on this list, is that vagaries in operational skill 
concerning email abuse are somehow different from the vagaries we see with 
routing, reliability, user interface design problems, and all other manner of 
real-world uncertainty.

It isn't.

d/


Tony Hain wrote:
> ned+ietf@mauve.mrochek.com wrote:
>> ...
>> Maybe it's just me, but I'll take the evidence presented by someone
>> who has access to the operational statistics for a mail system
>> that services 10s of millions of end users and handles thousands of
>> outsourced email setups over someone like myself who runs
>> a tiny little setup any day.
> 
> While large scale is important, small scale setups must not be sacrificed
> along the way. We must not create a system where a small cartel of players
> hold the keys to 'interoperability' at the deployment level. Current
> filtering practice creates way too many false positives already because the
> large organizations can't afford to bother with identifying the source. My
> lowly server just handles my wife, myself, and my daughter's business, and
> way too often I hear complaints about bounces because largeispmailer.com is
> refusing to accept mail from an insignificant non-member-of-the-club server.
> 
> 
> By no means do I claim enough knowledge about mail services to offer
> anything more than the viewpoint of an amateur trying to run a small server.
> I would agree with the comments along the way that the current
> state-of-the-art is way too hard, and I am sure my configuration is not
> correct or complete because I get mail from the process every few hours
> stating -- error: gpg required but not found!   yet every time I try to
> resolve that I can't figure out what is wrong or if a symbolic link is
> missing. Even with help from example configs at jck & psg, it took a fair
> amount of time and experimentation to cut over from the previous mta that
> was being crushed by the spam load. Life is better now, and as of a few
> hours ago mail from the ietf list is flowing over IPv6, but I know the MX
> record still needs work because the IPv6 path is being locally redirected.
> 
> Tony
> 
> 
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
> 

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net