Address Assignment Question

Jérôme Nicolle jerome at ceriz.fr
Tue Jun 21 01:27:54 UTC 2011


2011/6/21 Tony Finch <dot at dotat.at>:
> Spamhaus. And none of your complaints apply to them.

Oh really ? So the blame is to throw at Google Docs administrators for
beeing blacklisted (on the SBL, which should contain only "verified
spam source", thus implying discussion with the service manager) ? And
BTW, who is Spamhaus to claim any legitimacy about who can or can't
register a domain ? (referal to the .at phishing campaign).

Alright, those are probably exceptions, and _some_ lists may be
usefull, but obviously noone can claim to have an efficient "zero
false-positive" list. Blindly relying on those lists _will_ lead to
false positives and are a comodity for mail server administrators that
might lead to sloopy filtering and weaker control over their mail
infrastructure.

Also, such lists are _centralized_ systems that *might* (worst case
scenario) be spotted for attacks. What would be your mail
infrastructure load if you rely on a list that disapear overnight ?
Yeah, right, anycasted DNS infrastructure, redundancy over 4
continents, that's fine for most of us ('til it fails).

In my opinion, the use of RBLs as a first level filter for incoming
mail, instead of greylisting, rDNS and strict protocol compliance
(cluttered with some Exchange bug-compatibility perhaps), is less
reliable, so it's against what I shall consider as a best practice.

I hope that clarifies my point of view, and please excuse me for the
previous insults, I just have a hard time reading "hey, my critical
services are dependant of an external, centralized entity with no
transparency and that's good for the Internet" without compulsive
expressions including F. words.

-- 
Jérôme Nicolle




More information about the NANOG mailing list