North American Network Operators Group
Re: FW: The worst abuse e-mail ever, sverige.net
on Tue, Sep 21, 2004 at 02:04:18PM -0700, Sean Crandall wrote:
> We configure our DSL customers the same way you do. Static PVC, Static
> IP. Each user has a static IP and in 99% of the cases, we do not assign
> any dynamic IPs.
>
> However, I would say that it is safe to say that the majority of the
> ILECs here in the US provide DSL service where the IP is dynamic. Most
> of the time, it doesn't change, but it is very possible that the next
> time that the user logs in (most are also using PPPoE for the connection
> setup) that the DHCP server might give them another IP.
>
> As such, when we have seen our IP blocks get blocked strictly because of
> the rDNS entry having 'dsl' in it, a simple email to the admins
> explaining that we are not providing dynamic services has gotten our
> rDNS entries taken off of the blacklist.

Why do you assume that an IP being static, but having generic rDNS
showing it to be a DSL line, automatically makes it worthy of relaying
or sending mail? I certainly don't make that assumption - rather the
opposite, given my experience of the past three years.

In my view of the universe, IPs with generically named rDNS should never
emit mail except by way of a suitably configured MTA, which ought to
have non-generic rDNS, preferably of the sort 'mail.$domain' where
abuse@$domain is a live account manned by an abuse desk, rather than a
generic '1-2-3-4.assignmenttype.technologytype.bigisp.example.net',
where complaints to abuse@xxxxxxxxxxx may or may not make any
difference.

In the past 60 days, we've refused mail from

  ip-69-33-132-156.nyc.megapath.net (claimed to be 'hal.org', and sender
  was a yahoo.com account)

and

  ip-66-80-96-99.aus.megapath.net (claimed to be 'asu.edu', and sender
  was an asu.edu account)

and

  ip-66-80-90-195.iad.megapath.net (claimed to be
  'ccs1.clinicofcosmeticsurgery.com', sent to an inactive account)

and

  ip-66-80-206-37.lax.megapath.net (claimed to be 'mail.totexusa.com',
  sent to my account - I don't know anyone at 'totexusa.com'; both
  messages were backscatter from a joe job)

Were we wrong to do so? I don't think so. Static or dynamic, makes
little difference. Today's email services require more than the current
status quo. And I haven't seen any reason to adjust my policy.

I'm left with the overall impression from many on this thread that in
the view of many ISPs, DNSBLs have removed the ISP's burden of policing
their own networks. And that's a shame.

Steve

PS: this message certified "ad hominem free" :/

--
join us! http://hesketh.com/about/careers/web_designer.html join us!
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
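
The following is an added example, not part of the message above or of any code its author runs: a sketch of the receive-side check the post describes, refusing SMTP clients whose rDNS is a generic access-pool name regardless of whether the address is static. The token list, function names, the treatment of a missing PTR, and the IPs (read off the PTR names quoted in the post) are assumptions; the last two sample rows are constructed.

```python
import ipaddress
import re

# Assumed token list (not from the post): labels typical of access-pool naming.
GENERIC_TOKENS = {"dsl", "adsl", "cable", "dialup", "dyn", "dynamic",
                  "dhcp", "pool", "ppp"}

def ip_embedded(ptr: str, ip: str) -> bool:
    """True if the PTR name carries the IPv4 octets, forward or reversed."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    nums = [str(int(n)) for n in re.findall(r"\d+", ptr)]
    windows = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in windows or octets[::-1] in windows

def is_generic_rdns(ptr: str, ip: str) -> bool:
    """Generic = no PTR, IP-derived name, or an access-technology label."""
    if not ptr:
        return True  # assumption: a missing PTR is treated like a generic one
    labels = re.split(r"[.\-_]", ptr.lower().rstrip("."))
    has_token = any(l.rstrip("0123456789") in GENERIC_TOKENS for l in labels)
    return has_token or ip_embedded(ptr, ip)

def smtp_decision(ip: str, ptr: str, helo: str) -> dict:
    """Refuse generic rDNS; otherwise accept and record a HELO/PTR mismatch."""
    generic = is_generic_rdns(ptr, ip)
    return {
        "action": "reject" if generic else "accept",
        "helo_matches_ptr": helo.lower().rstrip(".") == ptr.lower().rstrip("."),
    }

# (ip, PTR, HELO). First two PTR/HELO pairs are from the post, with the IP
# read off the PTR name; the last two rows are constructed.
SAMPLES = [
    ("69.33.132.156", "ip-69-33-132-156.nyc.megapath.net", "hal.org"),
    ("66.80.206.37", "ip-66-80-206-37.lax.megapath.net", "mail.totexusa.com"),
    ("192.0.2.25", "25.2.0.192.dsl.bigisp.example.net", "mail.example.org"),
    ("192.0.2.80", "mail.example.org", "mail.example.org"),
]

if __name__ == "__main__":
    for ip, ptr, helo in SAMPLES:
        print(ip, ptr, smtp_decision(ip, ptr, helo))
```

In a real MTA the PTR would come from a reverse lookup confirmed by a matching forward lookup; the sketch takes it as an input so it runs offline.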