Fun new policy at AOL

Simon Waters Simon at wretched.demon.co.uk
Thu Aug 28 17:32:37 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Demon announcement was interesting to me as a subscriber.

Historically Demon allocated static IP addresses to (nearly) all dial up
users.

For many businesses this was a cheap and effective way to have their own
email servers running. For those of us running businesses (from home) in
areas without ADSL, it is still convenient, although suddenly looks a
lot less good value for money.

I understand AOL have asked Demon for a list of all legitimate sources
of SMTP traffic. Seems AOL intend to maintain a whitelist of senders,
whereas historically I was led to believe they maintained their own
blacklist.

The policy is flawed, as maintaining a straight list of legitimate
senders is a huge task. They have already failed at maintaining accurate
blacklists, and accurate lists of dynamic IP address ranges, so I don't
see why this one will work better.

I can't believe the effort wouldn't be better spent on some easier task
(like replacing SMTP! or agreeing reverse DNS entries to indicate
legitimate mail senders (or entries to flag dynamic IP addresses -
probably easier to implement) which stops virus and spam email (sent
without the DNS maintainer's knowledge) - obviously should be called an
XM record).

I understand the issues with dynamic IP addresses, but where an IP
address is readily traceable, blacklisting, not whitelisting, seems the
obvious answer.

End users do have various legitimate reasons for wanting to send SMTP
mail from their own static IP addresses. Not least for Demon it has been
more reliable, their own servers often being overworked through mailing
lists, viruses and spam. Also the SMTP relays often ended up in various
blacklists because they were relaying spam from one of the many
thousands of subscribers.

Being forced to use the ISP SMTP relay merely means more multistage
relays, and big ISP SMTP servers relay spam much more efficiently than
their subscribers' boxes on the end of narrow pipes, and worse you can't
blacklist the big ISPs' SMTP relays without losing bucket loads of
genuine mail.

In a similar fashion as someone who does work with DNS I run my own DNS
caching server (sometimes even caching off the ICANN root servers ;-).
I'd be somewhat upset if my ISP insisted I send all DNS queries via
their caches. The various country code maintainers would probably get
fewer reports, so I guess that is a plus for someone ;-)

Not every end user is some naive computer user who needs lots of hand
holding.
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/TjywGFXfHI9FVgYRApWxAKCuVNkifrrKkHhUm5Fvgxoge3OXfwCdFSoS
Hrl4YkfjXYRrMeHDD0zke60=
=r5d+
-----END PGP SIGNATURE-----



More information about the NANOG mailing list