Identifying residential CPE IP addresses? (was: SORBS on autopilot?)

Jed Smith jed at
Tue Jan 12 19:59:55 UTC 2010

On Jan 12, 2010, at 2:34 PM, Patrick W. Gilmore wrote:

> On Jan 12, 2010, at 2:11 PM, Michael Thomas wrote:
> 3) Should people really argue over what other people do with their own machines?  You don't like SORBS, don't use it.  Someone you need to talk to likes SORBS, make them stop, or conform.  Might as well argue over a website using HTTPS when you don't like encryption.

I don't think the discussion is about SORBS, I think it's about this standards
draft that SORBS points to.  Here, I'll lay out what I'm saying simply (and
retitle the thread so the SORBS issue will go away):

  1. Your mailserver receives a connection from a previously-unknown relay.
     Although this discussion is meta to mail, it's the most prime example.

  2. Very quickly, your mailserver must make a spot decision on whether the
     connecting IP address is a residential modem or a racked server.  This
     information might be important in an administrator's decision, via his
     rules, to accept or reject any message that relay offers.

     (To reiterate: the problem is determination of sender, not an attempt
      to determine if the incoming mail is legitimate.  This is beyond that.)

  3. Currently, the solution is to consult the PTR, which this draft -- which
     coincidentally is written by the administrator of SORBS -- recommends.

  4. For other reasons laid out in this thread, PTR is not the best choice.
     Additionally, administrators of mailservers who have no idea what a PTR
     is -- although their entry fee to the Internet mail system is debatable,
     it will not be discussed here -- are now punished by blocklists like
     SORBS and Trend Micro with the simple crime of not knowing to PTR their
     mail server with something that screams "static allocation, not CPE".

     I note, with a heavy hand, that there are no widely-disseminated
     standards governing the reverse DNS of an Internet host other than this
     draft, but administrators make decisions on it anyway.

  5. What else does your mailserver use?  What could it use?  Are there any
     desirable candidates for a standards-track behavior for determining the
     "class" of an IP (i.e., iPhone, home CPE, colo'd server, grid node, and
     so on)?  Should there be?

My original goal here was educational -- I'd like to hear if anybody has
given this question serious pause aside from putting silly restrictions on
what can go in a PTR, and basing a heavy decision on said PTR.  Are there
any applications for such a test, outside of mail?

I've apparently hit a nerve, and I'm sorry for that.  
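
The PTR check from points 3 and 4, sketched as an added example that is not part of the original post or of the draft it mentions. The token lists, class labels and sample hostnames are assumptions constructed for illustration, since no standard defines them.

```python
import ipaddress
import re

# Assumed token lists: no standard defines PTR naming (the post's point 4).
DYNAMIC_TOKENS = {"dyn", "dynamic", "dhcp", "pool", "ppp", "dsl", "adsl", "cable", "dialup"}
STATIC_TOKENS = {"static", "mail", "mx", "smtp", "relay"}


def embeds_address(ip, ptr):
    """True if the name spells out the IPv4 address (forward or reversed),
    the way provider-generated PTR names commonly do."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    nums = [str(int(n)) for n in re.findall(r"\d+", ptr)]  # drop zero padding
    windows = (nums[i:i + 4] for i in range(len(nums) - 3))
    return any(w == octets or w == octets[::-1] for w in windows)


def classify_ptr(ip, ptr):
    """Guess an address 'class' from its PTR name alone."""
    if not ptr:
        return "no-ptr"
    name = ptr.rstrip(".").lower()
    tokens = set(re.split(r"[^a-z]+", name)) - {""}
    if tokens & STATIC_TOKENS:
        return "static-looking"
    if tokens & DYNAMIC_TOKENS or embeds_address(ip, name):
        return "dynamic-looking"
    return "unknown"


# Constructed samples (documentation address ranges, example domains).
SAMPLES = [
    ("192.0.2.10", "mail.example.org"),
    ("198.51.100.77", "pool-198-51-100-77.dyn.example.net"),
    # A racked mail server still carrying its provider's generic PTR:
    ("203.0.113.25", "host-203-0-113-25.example.net"),
    ("203.0.113.40", None),  # the admin never set a PTR
    ("192.0.2.55", "gw.example.com"),
]


def classify_samples():
    return {ip: classify_ptr(ip, ptr) for ip, ptr in SAMPLES}


if __name__ == "__main__":
    for ip, verdict in classify_samples().items():
        print(f"{ip:15} {verdict}")
```

The third and fourth samples are the cases point 4 describes: a name-only heuristic cannot tell a server whose PTR was never customised from a residential modem.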

