ICANN opens up Pandora's Box of new TLDs
regnauld at catpipe.net
Sat Jun 28 11:18:44 CDT 2008
Rich Kulawiec (rsk) writes:
> I don't see a problem with not accepting mail from clueless ISPs or their
> customers. The requirement for rDNS has been around for decades.
> Anyone who's not aware of it has no business running a mail server.
Requirement ? What requirement ? There's no requirement for
reverse DNS for email in any RFC. Not that RFCs are ideal references
for mail operation in general. Rejecting on missing or incorrectly
formatted HELO/EHLO is legitimate, as well as unknown sender or
recipient domain, as these are within the control of the sender,
or the sender's organisation. Reverse DNS is not. It's all subjective
> people to document the use of botnet PCs to send spam. And of course
> That's why this particular measure doesn't work for them, but other
> best practices do, e.g., rejecting mail from known-dynamic/generic IP space
> or known-dynamic/generic namespace unless it's your own customer or is
> being submitted with authentication non-port 25
"known-dynamic" is extremely up to debate. Frankly, blacklisting
entire /16s because individual customer PCs have been hijacked is
absurd, but I guess colateral damage is acceptable. Probably bounces
will be the next thing to disappear.
> > > Yes, some of these also impact non-spamming but broken mail servers,
> > > however, this is usually the only way to get the attention of their
> > > operators and persuade them to effect repairs.
> > You're kidding, right ? They don't give a rat's ass.
> Then they should not be troubled that their mail is being rejected.
The operators don't care. The customers do. The customers don't have
a choice, often. So you're right, the operator is not troubled
that their customer's mail is being rejected.
> > "Bomb the bridge, salt the earth" approach ?
> I'm not the one of the people who thought .info was a good idea (what,
> domains in other TLDs don't provide "information"?) I'm not the one
> who decided to sell domains in that TLD to spammers by the tens of
> thousands, thus effectively devaluing it for everyone else.
Because .org and .com don't do that as well ?
> I suggest laying blame on the people who are responsible for the current
> state of affairs, not on the recipients of abuse.
I'm not laying blame here, just pointing out that rejecting mail
from IP addresses for which no PTR delegation exists is unwarranted,
but it's your system, so of course it's up to you. Don't go preaching
it as a best practice, though.
More information about the NANOG