+1
- Mark Alley
On 3/8/2024 10:01 AM, Bill Cole via mailop wrote:
On 2024-03-08 at 09:13:32 UTC-0500 (Fri, 8 Mar 2024 15:13:32 +0100)
Stefano Bagnara via mailop <mai...@bago.org>
is rumored to have said:
Well,
I undestand you all hate OVH, but this really doesn't look like an
intended block.
Sure it does.
I tested that when I log to my @freenet.de email I am not able to
write emails to any domain whose DNS are hosted by OVH.
That really looks like an intended block...
I know plenty
of italian companies whose domain zone is at OVH: even if their email
is at Google Workspace or somewhere else they currently cannot receive
emails from @freenet.de and you are telling me this is something
freenet.de done by purpose beucase they didn't want OVH spam? I'll
believe that once a freenet.de people will confirm it.
Considering OVH is the biggest registar in europe they are not
delivering email to most european domains.
Registrars, DNS providers, and hosters are very different things, even
if they happen to sometimes be the same entity. For example, half of
the domains I own don't even use DNS from their registrar, who doesn't
even sell hosting.
OVH being a major registrar doesn't mean much. OVH providing a lot of
DNS for their registration customers means a bit more, but one can
resolve DNS indirectly so it's not huge. Being a massive hoster makes
the cost of blocking them significant, but not necessarily excessive
for some providers. Freenet.de knows their users better than you do.
They may have a thousand pinhole exemptions from that blocking making
the effective price for their customers near zero.
So, if they blocked the whole OVH ASN at their SMTP server I could
even get that (even if I'm not aware of anyone else doing that),
I block OVH ranges by announced route when I see anything in the range
sending me spam, unless there's a concrete reason not to. It's not
worthwhile to block by ASN, especially as I am not doing the blocking
in BGP.
but I
really don't believe they blocked bidirectional routing between 2 ASN
just because freenet thinks OVH is spammy. We hardly see a similar
block when there is a war between 2 countries.
All of your argumentation against this being an intentional block is
based on the fact that it isn't something YOU would do, because YOU
would find the cost unacceptable.
That's not a very useful class of reasoning, especially when it is
inconsistent with evidence. The evidence suggests a broad block of OVH
by Freenet. That should not happen easily by accident, although it
certainly could. It is far more likely that it was entirely
intentional, but lacked careful analysis of the negative effects. It
is possible that it was entirely intentional and the risks
pre-mitigated in ways that you cannot see.
Stefano
On Fri, 8 Mar 2024 at 14:49, Yuval Levy via mailop
<mailop@mailop.org> wrote:
On 2024-03-08 07:48, Stefano Bagnara via mailop wrote:
On Fri, 8 Mar 2024 at 13:04, Mark Alley <mark.al...@tekmarc.com>
wrote:
Have you considered they may be blocking OVH ASNs on their firewall?
Well, blocking the whole ASNs even to their NS sounds something very
unexpected.
Extreme, yes. Unexpected? I disagree. It is just another logical
escalation step towards the inevitable, but nothing new. Think of a
collision between the internet's echo chambers and the Great Firewall:
one side wants to control what the other side receives; and the other
side wants to control what it does not receive.
Simple Venn diagram. When the intersection between the two circles
(agreement on what both sides want to send/receive) has less net value
than one of the two separate half-moons, the concerned side may as well
block the whole ASN: the cost of sacrificing the intersection is lower
than the benefit from allowing the communication less the
filtering/sanitation cost.
Once one side decides that it gets less benefits than cost from the
communication, the other side has three strategic choices: giving more
value; causing less cost; or accepting the disconnect. They are now at
the accepting the disconnect, waiting to see who blinks first. If
no-one blinks, the disconnect becomes permanent.
The problem is compounded by aggregation on the two sides: well behaved
senders will put pressure on their side; the rats may abandon ship and
raid the next ISP with weak policies. Affected recipients will put
pressure on their side to remove the filter. The question is where
those pressures will burst. My hope is that someone at OVH will
wake up
and mop up the neighborhood that they control.
Personally, I am still looking for the ideal firewall: block all ASNs
unless permitted. And even after that, the next battlefields are
already in sight: wireless network traversal.
Yuv
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
--
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
