ICANN opens up Pandora's Box of new TLDs

Rich Kulawiec rsk at gsp.org
Sat Jun 28 18:51:04 UTC 2008

On Sat, Jun 28, 2008 at 06:18:44PM +0200, Phil Regnauld wrote:
> Rich Kulawiec (rsk) writes:
> > 
> > I don't see a problem with not accepting mail from clueless ISPs or their
> > customers.  The requirement for rDNS has been around for decades.
> > Anyone who's not aware of it has no business running a mail server.
> 	Requirement ?  What requirement ?  There's no requirement for
> 	reverse DNS for email in any RFC.

There are de jure requirements (e.g., RFCs) and de facto requirements
(e.g., best practices).  de jure: RFC 1912, I believe, indicates that
all Internet hosts should have rDNS.  de facto: attempting run a
mail server without rDNS is increasingly a losing proposition, as everyone
with any clue at all is refusing all mail from such misconfigured/broken/
hijacked hosts.

> 	Reverse DNS is not. 

Not directly, unless delegated, of course.  But mail server operators
who choose incompetent/lazy/cheap ISPs should not be surprised if they
are given incompetent/lazy/cheap service.  Quality ISPs are well aware
of the de jure and de facto requirements and have no problem meeting them.

> 	"known-dynamic" is extremely up to debate.  Frankly, blacklisting
> 	entire /16s because individual customer PCs have been hijacked is
> 	absurd, but I guess colateral damage is acceptable. 

There is no such thing as "collateral damage" because there is no such
thing as "damage" in this context.  I explained this in detail on the
ietf-asrg mailing list a couple of months ago.

And given that any estimate of hijacked systems under 100 million is
laughably out-of-date, it's a best practice to blacklist ALL such IP
space and namespace pre-emptively.  There's no point in waiting for
evidence of abuse to show up: it's inevitable.  End user systems should
either be using their designated outbound mail relays *or* submitting on
other ports with authentication.

> Probably bounces will be the next thing to disappear.

Bounces *should* disappear, since it's a best practive to always reject
(during the SMTP conversation) and never bounce.  Failure to do so leads
to outscatter, which is spam, and to blacklisting of the emitting hosts.

> 	The operators don't care.  The customers do.  The customers don't have
> 	a choice, often.  So you're right, the operator is not troubled
> 	that their customer's mail is being rejected.

Then that's a matter between the customer and the operator.  Customers who
have chosen poorly are likely to have issues.  Customers who have not availed
themselves of other options (such as a third-party relay through a host
whose operators actually knows what they're doing) will get...what they get.

> > I'm not the one of the people who thought .info was a good idea (what,
> > domains in other TLDs don't provide "information"?)  I'm not the one
> > who decided to sell domains in that TLD to spammers by the tens of
> > thousands, thus effectively devaluing it for everyone else.
> 	Because .org and .com don't do that as well ?

I see a fundemental difference here.  .org is for organizations, .com
for commercial operations, .net for network service operations.   I see
valid uses for those.  I see none for .info.  Its main reason for existence
is to provide a cash cow to registrars.

> Don't go preaching it as a best practice, though.

<shrug> It's been a best practice for years.


More information about the NANOG mailing list