Attn MCI/UUNet - Massive abuse from your network

Paul Vixie vixie at vix.com
Fri Jun 25 00:54:14 UTC 2004


> spamhaus has gotten too agressive.
> Its now preventing too much legitimate email.

that's funny, really funny.  s/spamhaus/maps/ or s/spamhaus/sorbs/ or indeed
look at any receiver-side filtering mechanism that gets a little traction,
and sooner or later folks will say it's too aggressive and prevents too much
legitimate e-mail.

"the internet" as a disintermediator is going to cause more things like maps
and spamhaus and sorbs to be created and to become successful/effective over
time.  the only way to remain a successful sender of e-mail is to find a way
to thread all of those needles at once, plus new ones that come along later.

same thing for anti-spam features of common MTA's.  once in a while someone
can't get e-mail to me because they don't have a DNS-PTR or DNS-MX, or
because their SMTP-HELO doesn't match their DNS-PTR, and they complain,
quite rightly, that RFC821 doesn't require them to do it and that i'm in
violation of the protocol by rejecting their e-mail.  i usually respond by
telling them my fax number.  they usually respond by changing their DNS or
SMTP configuration to conform to my violations of the protocol.  lather,
rinse, repeat.

somebody told me the other day that we couldn't implement graylisting here
because a lot of mail relays wouldn't retry for way too long, or would retry
too quickly, or would retry from a different ip address each time, or etc.
i said "our fax number is on the web page, so senders will have recourse."

spam is fundamentally an exercise in unilateral cost shifting, by advertisers
toward eyeballs, with all kinds of middlemen.  to cope with this, these costs
are going to have to be shifted elsewhere.  it would be loverly to shift them
back toward advertisers, with fines and lawsuits and lost connectivity and
increased transit disconnection/reconnection fees, but that's not working.
(compare the u.s. federal anti-spam law with california's to see what i mean.)

so, the costs are being shifted toward legitimate e-mail senders.  oh well.
if somebody can't reach you because they don't know how to thread the needle,
then send them your fax number or postal address.  getting legitimate e-mail
has to become the sender's problem, because receiver costs are too high now.

i'm not preaching that this should be so; i'm explaining that it's become so.
it's like with chris and sean not being able to disco their spewing endsystems:
just because the source-provider or transit-provider doesn't make connectivity
less available to these spewers, doesn't mean it won't become less available.
all it does is change who does it, and it usually ends up getting done by
folks whose tools aren't as sharp as the (source|transit)-provider's.

it's a very twisted variation on "you broke it, you bought it."



More information about the NANOG mailing list