FW: The worst abuse e-mail ever, sverige.net

Steven Champeon schampeo at hesketh.com
Tue Sep 21 21:32:22 UTC 2004


on Tue, Sep 21, 2004 at 02:04:18PM -0700, Sean Crandall wrote:
> We configure our DSL customers the same way you do.  Static PVC, Static
> IP.  Each user has a static IP and in 99% of the cases, we do not assign
> any dynamic IPs.  
> 
> However, I would say that it is safe to say that the majority of the
> ILECs here in the US provide DSL service where the IP is dynamic.  Most
> of the time, it doesn't change, but it is very possible that the next
> time that the user logs in (most are also using PPPoE for the connection
> setup) that the DHCP server might give them another IP.
> 
> As such, when we have seen our IP blocks get blocked strictly because of
> the rDNS entry having 'dsl' in it, a simple email to the admins
> explaining that we are not providing dynamic services has gotten our
> rDNS entries taken off of the blacklist.

Why do you assume that an IP being static, but having generic rDNS
showing it to be a DSL line, automatically makes it worthy of relaying
or sending mail? I certainly don't make that assumption - rather the
opposite, given my experience of the past three years.

In my view of the universe, IPs with generically named rDNS should never
emit mail except by way of a suitably configured MTA, which ought to
have non-generic rDNS, preferably of the sort 'mail.$domain' where
abuse@$domain is a live account manned by an abuse desk, rather than a
generic '1-2-3-4.assignmenttype.technologytype.bigisp.example.net',
where complaints to abuse@example.net may or may not make any difference.

In the past 60 days, we've refused mail from 

ip-69-33-132-156.nyc.megapath.net (claimed to be 'hal.org', and sender
was a yahoo.com account)

and

ip-66-80-96-99.aus.megapath.net (claimed to be 'asu.edu', and sender
was an asu.edu account)

and

ip-66-80-90-195.iad.megapath.net (claimed to be
'ccs1.clinicofcosmeticsurgery.com', sent to an inactive account)

and

ip-66-80-206-37.lax.megapath.net (claimed to be 'mail.totexusa.com',
sent to my account - I don't know anyone at 'totexusa.com'; both
messages were backscatter from a joe job)

Were we wrong to do so? I don't think so. Static or dynamic, makes
little difference. Today's email services require more than the current
status quo. And I haven't seen any reason to adjust my policy.

I'm left with the overall impression from many on this thread that in
the view of many ISPs, DNSBLs have removed the ISP's burden of policing
their own networks. And that's a shame.

Steve

PS: this message certified "ad hominem free" :/

-- 
join us!   http://hesketh.com/about/careers/web_designer.html       join us! 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!
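
The filtering policy described in the message above, sketched as an added example (not code from the post, its author or any mail server): a PTR name is treated as generic when it embeds the client's IP octets or carries an access-technology label, and a HELO that differs from the PTR name is recorded but does not decide the outcome. The label list, the function names and the accept/reject rule are assumptions; the two megapath.net names and their HELO claims are the ones quoted in the message, with the IPs read off the hostnames.

```python
import re

# Labels that name an access technology or assignment type rather than a
# mail role. Constructed for this example; tune to local traffic.
GENERIC_LABELS = {"dsl", "adsl", "cable", "dialup", "dhcp", "dyn", "dynamic",
                  "ppp", "pool", "static", "cust", "customer", "ip"}

def embeds_ip(rdns, ip):
    """True if the PTR name encodes the IP's octets, forward or reversed."""
    octets = ip.split(".")
    host = rdns.lower()
    for order in (octets, octets[::-1]):
        dashed = r"(?<!\d)" + r"[-.]".join(order) + r"(?!\d)"
        padded = "".join(o.zfill(3) for o in order)
        if re.search(dashed, host) or padded in host:
            return True
    return False

def generic_reasons(rdns, ip):
    """List the reasons a PTR name looks generic (empty list if none)."""
    reasons = []
    if embeds_ip(rdns, ip):
        reasons.append("IP octets embedded in name")
    hits = GENERIC_LABELS & set(re.split(r"[.-]", rdns.lower()))
    if hits:
        reasons.append("generic label: " + ",".join(sorted(hits)))
    return reasons

def smtp_decision(ip, rdns, helo):
    """Return (action, reasons) for a connecting client."""
    if not rdns:
        return "reject", ["no rDNS"]
    reasons = generic_reasons(rdns, ip)
    action = "reject" if reasons else "accept"
    if helo.lower().rstrip(".") != rdns.lower().rstrip("."):
        reasons.append("HELO '%s' differs from rDNS" % helo)  # logged, not decisive
    return action, reasons

# Hostnames and HELO claims quoted in the message; IPs read off the names.
SAMPLES = [
    ("69.33.132.156", "ip-69-33-132-156.nyc.megapath.net", "hal.org"),
    ("66.80.96.99", "ip-66-80-96-99.aus.megapath.net", "asu.edu"),
    ("192.0.2.25", "mail.example.com", "mail.example.com"),  # constructed
]

if __name__ == "__main__":
    for ip, rdns, helo in SAMPLES:
        print(ip, rdns, *smtp_decision(ip, rdns, helo))
```
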


