nanog mailing list archives

Re: marking dynamic ranges, was fixing insecure email infrastructure


From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Wed, 26 Jan 2005 12:17:19 +0530


On Tue, 25 Jan 2005 18:03:02 +0100, Markus Stumpf
<maex-lists-nanog () space net> wrote:
I'll just point out that you are generalizing based on a case you see
in your mailserver

I am generalizing on what I see from about 300 mailservers and about
1 million messages a day.

You should see the trends I describe in any case - even with a
comparatively smaller userbase like this.

How did you calculate that "40% of my legitimate email"?
If you get 60 emails from 60 different hosts that have revDNS and you
get 40 mails from two hosts without revDNS then also "40% of your

I have not noticed that it is a case of just two (or even two dozen)
hosts sending me nearly all that email.

legitimate email" is coming from servers without revDNS, but in fact
the percentage of servers without revDNS would be around 3.2%. Quite
a difference.

Moot though - I care about legitimate email that gets dropped if we
start rejecting traffic from hosts with no rDNS.

Please see if you have any customers who are in regular touch with
their friends or relatives in Asia or Africa.

As you can see, we don't filter out "no revDNS", too. But setting
MTAMARK records would give the admins of the receiving mailservers
a hint as how to classify the sending IP.

CSV is what I am hoping for .. but I wouldn't depend on any of these
proposals.  HELO checks, DNSBLs etc. catch a ton of spam for us.  Large
providers implementing CSV will help us, as will our implementing BATV
and/or signing outbound mail with DomainKeys (which would help us
identify and cut down on the number of backscatter bounces).

This is rapidly growing OT for nanog though so I'll stop here.

--srs

