Identifying residential CPE IP addresses? (was: SORBS on autopilot?)

Jed Smith jed at jedsmith.org
Tue Jan 12 19:59:55 UTC 2010


On Jan 12, 2010, at 2:34 PM, Patrick W. Gilmore wrote:

> On Jan 12, 2010, at 2:11 PM, Michael Thomas wrote:
> 
> 3) Should people really argue over what other people do with their own machines?  You don't like SORBS, don't use it.  Someone you need to talk to likes SORBS, make them stop, or conform.  Might as well argue over a website using HTTPS when you don't like encryption.

I don't think the discussion is about SORBS, I think it's about this standards
draft that SORBS points to.  Here, I'll lay out what I'm saying simply (and
retitle the thread so the SORBS issue will go away):

  1. Your mailserver receives a connection from a previously-unknown relay.
     Although this discussion is meta to mail, it's the most prime example.

  2. Very quickly, your mailserver must make a spot decision on whether the
     connecting IP address is a residential modem or a racked server.  This
     information might be important in an administrator's decision, via his
     rules, to accept or reject any message that relay offers.

     (To reiterate: the problem is determination of sender, not an attempt
      to determine if the incoming mail is legitimate.  This is beyond that.)

  3. Currently, the solution is to consult the PTR, which this draft -- which
     coincidentally is written by the administrator of SORBS -- recommends.

  4. For other reasons laid out in this thread, PTR is not the best choice.
     Additionally, administrators of mailservers who have no idea what a PTR
     is -- although their entry fee to the Internet mail system is debatable
     it will not be discussed here -- are now punished by blocklists like
     SORBS and Trend Micro with the simple crime of not knowing to PTR their
     mail server with something that screams "static allocation, not CPE".

     I note, with a heavy hand, that there are no widely-disseminated
     standards governing the reverse DNS of an Internet host other than this
     draft, but administrators make decisions on it anyway.

  5. What else does your mailserver use?  What could it use?  Are there any
     desirable candidates for a standards-track behavior for determining the
     "class" of an IP (i.e., iPhone, home CPE, colo'd server, grid node, and
     so on).  Should there be?

My original goal here was educational -- I'd like to hear if anybody has
given this question serious pause aside from putting silly restrictions on
what can go in a PTR, and basing a heavy decision on said PTR.  Are there
any applications for such a test, outside of mail?

I've apparently hit a nerve, and I'm sorry for that.  

JS





More information about the NANOG mailing list