Re: bloomberg on supermicro: sky is falling
The risks of VPN aren't in the VPN itself, they are in the continuous network connection architecture. 90%+ of VPN interconnects could be handled cleanly, safely, and reliably using HTTPS, without having to get internal network administration involved at all. And the risks of key exposure with HTTPS are exactly the same as the risks of having one end or the other of your VPN compromised. As it is, VPN means trusting the network admins at your peer company. On 10/08/2018 12:15 PM, valdis.kletni...@vt.edu wrote: On Mon, 08 Oct 2018 08:53:55 -0500, Daniel Taylor said: Especially when you have companies out there that consider VPN a reasonable way to handle secure data transfer cross-connects with vendors or clients. At some point, you get to balance any inherent security problems with the concept of using a VPN against the fact that while most VPN software has a reasonably robust point-n-drool interface to configure, most VPN alternatives are very much "some assembly required". Which is more likely? That some state-level actor finds a hole in your VPN software, or that somebody mis-configures your VPN alternative so it leaks keys and data all over the place?
Re: bloomberg on supermicro: sky is falling
That would be one way, but a lot of the problem is unplanned cross-access. It's (relatively) easy to isolate network permissions and access at a single location, but once you have multi-site configurations it gets more complex. Especially when you have companies out there that consider VPN a reasonable way to handle secure data transfer cross-connects with vendors or clients. On 10/07/2018 10:53 PM, Naslund, Steve wrote: You just need to fire any contractor that allows a server with sensitive data out to an unknown address on the Internet. Security 101. Steven Naslund From: Eric Kuhnke >many contractors *do* have sensitive data on their networks with a gateway out to the public Internet. -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: Verizon Policy Statement on Net Neutrality
Personally? If the price were the same, I'd go with 50/50. That way my uploads would take even less time. It isn't about the averaged total, it's about how long each event takes, and backing up 4GB of files off-site shouldn't have to take an hour. On 02/27/2015 03:11 PM, Scott Helms wrote: Daniel, 50MB/s might be tough to fill, but even at home I can get good use out of the odd 25MB/s upstream burst for a few minutes. Which would you choose, 50/50 or 75/25? My point is not that upstream speed isn't valuable, but merely that demand for it isn't symmetrical and unless the market changes won't be in the near term. Downstream demand is growing, in most markets I can see, much faster than upstream demand. Scott Helms Vice President of Technology ZCorum (678) 507-5000 http://twitter.com/kscotthelms -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: Verizon Policy Statement on Net Neutrality
I'm clearly not a normal user, or I wouldn't be here. Normal users have never experienced high-speed symmetrical service. People don't miss what they have never had. On 03/02/2015 08:09 AM, Scott Helms wrote: That's not the norm for consumers, but the important thing to understand is that for most of the technologies we use for broadband there simply is less upstream capacity than downstream. That upstream scarcity means that for DSL, DOCSIS, PON, WiFi, and LTE delivering symmetrical upstream bandwidth will cost the service provider more which means at some point it will cost consumers more. WiFi is a special case, while there is no theoretical reason it must be asymmetrical but it works that way in practice because dedicated APs invariably have both higher transmit power and much better antenna gain. The average AP in the US will put out a watt or more while clients are putting out ~250 milliwatts and with 0 antenna gain. On Mar 2, 2015 8:58 AM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: Personally? If the price were the same, I'd go with 50/50. That way my uploads would take even less time. It isn't about the averaged total, it's about how long each event takes, and backing up 4GB of files off-site shouldn't have to take an hour. On 02/27/2015 03:11 PM, Scott Helms wrote: Daniel, 50MB/s might be tough to fill, but even at home I can get good use out of the odd 25MB/s upstream burst for a few minutes. Which would you choose, 50/50 or 75/25? My point is not that upstream speed isn't valuable, but merely that demand for it isn't symmetrical and unless the market changes won't be in the near term. Downstream demand is growing, in most markets I can see, much faster than upstream demand. Scott Helms Vice President of Technology ZCorum (678) 507-5000 tel:%28678%29%20507-5000 http://twitter.com/kscotthelms -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com mailto:dtay...@vocalabs.com http://www.vocalabs.com/ (612)235-5711 tel:%28612%29235-5711 -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: Verizon Policy Statement on Net Neutrality
On 02/27/2015 04:49 PM, Naslund, Steve wrote: On Fri, Feb 27, 2015 at 3:53 PM, Scott Helms khe...@zcorum.com wrote: My point is that the option should be there, at the consumer level. Why? What's magical about symmetry? Is a customer better served by having a 5mbps/5mbps over a 25mbps/5mbps? If the option sells, it will be offered. It didn't. We offer symmetric DLS residentially and it went over like a lead balloon. Most people don't know what having a faster upstream would get them (symmetrical or not). Heck, most people only know that they got the cheapest connection with the fastest top-line bandwidth number because marketers don't know how to sell upstream bandwidth (or don't care to). -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: Verizon Policy Statement on Net Neutrality
What do those 25 and 50Mb/s download rates amount to in practice? Statistically speaking, those might *be* symmetric. On 03/02/2015 08:41 AM, Scott Helms wrote: Daniel, For the third or fourth time in this discussion we are tracking and customer satisfaction for users who do have symmetrical bandwidth 24 mbps and have for a number of years. We see customer usage patterns and satisfaction being statically the same on 25/25 and 25/8 accounts. The same is true when we look at 50/50 versus 50/12 accounts. On Mar 2, 2015 9:22 AM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: I'm clearly not a normal user, or I wouldn't be here. Normal users have never experienced high-speed symmetrical service. People don't miss what they have never had. On 03/02/2015 08:09 AM, Scott Helms wrote: That's not the norm for consumers, but the important thing to understand is that for most of the technologies we use for broadband there simply is less upstream capacity than downstream. That upstream scarcity means that for DSL, DOCSIS, PON, WiFi, and LTE delivering symmetrical upstream bandwidth will cost the service provider more which means at some point it will cost consumers more. WiFi is a special case, while there is no theoretical reason it must be asymmetrical but it works that way in practice because dedicated APs invariably have both higher transmit power and much better antenna gain. The average AP in the US will put out a watt or more while clients are putting out ~250 milliwatts and with 0 antenna gain. On Mar 2, 2015 8:58 AM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: Personally? If the price were the same, I'd go with 50/50. That way my uploads would take even less time. It isn't about the averaged total, it's about how long each event takes, and backing up 4GB of files off-site shouldn't have to take an hour. On 02/27/2015 03:11 PM, Scott Helms wrote: Daniel, 50MB/s might be tough to fill, but even at home I can get good use out of the odd 25MB/s upstream burst for a few minutes. Which would you choose, 50/50 or 75/25? My point is not that upstream speed isn't valuable, but merely that demand for it isn't symmetrical and unless the market changes won't be in the near term. Downstream demand is growing, in most markets I can see, much faster than upstream demand. Scott Helms Vice President of Technology ZCorum (678) 507-5000 tel:%28678%29%20507-5000 tel:%28678%29%20507-5000 http://twitter.com/kscotthelms -- Daniel Taylor VP Operations Vocal Laboratories, Inc. dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com http://www.vocalabs.com/ (612)235-5711 tel:%28612%29235-5711 tel:%28612%29235-5711 -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com mailto:dtay...@vocalabs.com http://www.vocalabs.com/ (612)235-5711 tel:%28612%29235-5711 -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: Verizon Policy Statement on Net Neutrality
My apologies for the implication. I meant that on the Internet as a whole it is unusual for such speeds to actually be realized in practice due to various issues. 8-10Mb/s seems to be what one can expect without going to distributed protocols. On 03/02/2015 09:06 AM, Scott Helms wrote: Daniel, The sold speeds are all actually less than the actual speeds. The PON customers are slightly over provisioned and the DOCSIS customers are over provisioned a bit more. On Mar 2, 2015 10:01 AM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: What do those 25 and 50Mb/s download rates amount to in practice? Statistically speaking, those might *be* symmetric. On 03/02/2015 08:41 AM, Scott Helms wrote: Daniel, For the third or fourth time in this discussion we are tracking and customer satisfaction for users who do have symmetrical bandwidth 24 mbps and have for a number of years. We see customer usage patterns and satisfaction being statically the same on 25/25 and 25/8 accounts. The same is true when we look at 50/50 versus 50/12 accounts. On Mar 2, 2015 9:22 AM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: I'm clearly not a normal user, or I wouldn't be here. Normal users have never experienced high-speed symmetrical service. People don't miss what they have never had. On 03/02/2015 08:09 AM, Scott Helms wrote: That's not the norm for consumers, but the important thing to understand is that for most of the technologies we use for broadband there simply is less upstream capacity than downstream. That upstream scarcity means that for DSL, DOCSIS, PON, WiFi, and LTE delivering symmetrical upstream bandwidth will cost the service provider more which means at some point it will cost consumers more. WiFi is a special case, while there is no theoretical reason it must be asymmetrical but it works that way in practice because dedicated APs invariably have both higher transmit power and much better antenna gain. The average AP in the US will put out a watt or more while clients are putting out ~250 milliwatts and with 0 antenna gain. On Mar 2, 2015 8:58 AM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: Personally? If the price were the same, I'd go with 50/50. That way my uploads would take even less time. It isn't about the averaged total, it's about how long each event takes, and backing up 4GB of files off-site shouldn't have to take an hour. On 02/27/2015 03:11 PM, Scott Helms wrote: Daniel, 50MB/s might be tough to fill, but even at home I can get good use out of the odd 25MB/s upstream burst for a few minutes. Which would you choose, 50/50 or 75/25? My point is not that upstream speed isn't valuable, but merely that demand for it isn't symmetrical and unless the market changes won't be in the near term. Downstream demand is growing, in most markets I can see, much faster than upstream demand. Scott Helms Vice President of Technology ZCorum (678) 507-5000 tel:%28678%29%20507-5000 tel:%28678%29%20507-5000 tel:%28678%29%20507-5000 http://twitter.com/kscotthelms -- Daniel Taylor VP Operations Vocal Laboratories, Inc. dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com http://www.vocalabs.com/ (612)235-5711 tel:%28612%29235-5711
Re: Verizon Policy Statement on Net Neutrality
But by this you are buying into the myth of the mean. It isn't that most, or even many, people would take advantage of equal upstream bandwidth, but that the few who would need to take extra measures unrelated to the generation of that content to be able to do so. Given symmetrical provisioning, no extra measures need to be taken when that 10 year old down the street turns out to be a master musician. On 02/27/2015 11:59 AM, Scott Helms wrote: This is true in our measurements today, even when subscribers are given symmetrical connections. It might change at some point in the future, especially when widespread IPv6 lets us get rid of NAT as a de facto deployment reality. Scott Helms Vice President of Technology ZCorum (678) 507-5000 http://twitter.com/kscotthelms On Fri, Feb 27, 2015 at 12:48 PM, Naslund, Steve snasl...@medline.com wrote: How about this? Show me 10 users in the average neighborhood creating content at 5 mbpsPeriod. Only realistic app I see is home surveillance but I don't think you want everyone accessing that anyway. The truth is that the average user does not create content that anyone needs to see. This has not changed throughout the ages, the ratio of authors to readers, artists to art lovers, musicians to music lovers, YouTube cat video creator to cat video lovers, has never been a many to many relationship. On 2015-02-27 12:13, valdis.kletni...@vt.edu wrote: Consider a group of 10 users, who all create new content. If each one creates at a constant rate of 5 mbits, they need 5 up. But to download all the new content from the other 9, they need close to 50 down. And when you expand to several billion people creating new content, you need a *huge* pipe down. Steven Naslund Chicago IL -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: Verizon Policy Statement on Net Neutrality
The statistics certainly *should* be used when provisioning aggregate resources. But even if 1% of users would reasonably be using a fully symmetric link to its potential, that's a good reason to at least have such circuits available in the standard consumer mix, which they aren't today. On 02/27/2015 01:30 PM, Scott Helms wrote: Daniel, Well, I wouldn't call using the mean a myth, after all understanding most customer behavior is what we all have to build our business cases around. If we throw out what customers use today and simply take a build it and they will come approach then I suspect there would fewer of us in this business. Even when we look at anomalous users we don't see symmetrical usage, ie top 10% of uploaders. We also see less contended seconds on their upstream than we do on the downstream. These observations are based on ~500k residential and business subscribers across North America using FTTH (mostly GPON), DOCSIS cable modems, and various flavors of DSL. Scott Helms Vice President of Technology ZCorum (678) 507-5000 http://twitter.com/kscotthelms On Fri, Feb 27, 2015 at 2:21 PM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: But by this you are buying into the myth of the mean. It isn't that most, or even many, people would take advantage of equal upstream bandwidth, but that the few who would need to take extra measures unrelated to the generation of that content to be able to do so. Given symmetrical provisioning, no extra measures need to be taken when that 10 year old down the street turns out to be a master musician. On 02/27/2015 11:59 AM, Scott Helms wrote: This is true in our measurements today, even when subscribers are given symmetrical connections. It might change at some point in the future, especially when widespread IPv6 lets us get rid of NAT as a de facto deployment reality. Scott Helms Vice President of Technology ZCorum (678) 507-5000 tel:%28678%29%20507-5000 http://twitter.com/kscotthelms On Fri, Feb 27, 2015 at 12:48 PM, Naslund, Steve snasl...@medline.com mailto:snasl...@medline.com wrote: How about this? Show me 10 users in the average neighborhood creating content at 5 mbpsPeriod. Only realistic app I see is home surveillance but I don't think you want everyone accessing that anyway. The truth is that the average user does not create content that anyone needs to see. This has not changed throughout the ages, the ratio of authors to readers, artists to art lovers, musicians to music lovers, YouTube cat video creator to cat video lovers, has never been a many to many relationship. On 2015-02-27 12:13, valdis.kletni...@vt.edu mailto:valdis.kletni...@vt.edu wrote: Consider a group of 10 users, who all create new content. If each one creates at a constant rate of 5 mbits, they need 5 up. But to download all the new content from the other 9, they need close to 50 down. And when you expand to several billion people creating new content, you need a *huge* pipe down. Steven Naslund Chicago IL -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com mailto:dtay...@vocalabs.com http://www.vocalabs.com/ (612)235-5711 tel:%28612%29235-5711 -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: Verizon Policy Statement on Net Neutrality
My point is that the option should be there, at the consumer level. If not for fully symmetrical service (I admit that 50MB/s upstream is a tough pipe to fill), at least for significantly higher upstream service than is currently available in most neighborhoods. There are so many use cases for this, everything from personal game servers to on-line backups, that the lack of such offerings is an indication of an unhealthy market. On 02/27/2015 02:25 PM, Scott Helms wrote: Daniel, We'd have to come to some standard definition of, But even if 1% of users would reasonably be using a fully symmetric link to its potential... As I said, I have visibility into a large number of symmetric connections and without exception they'd fit well into a plan that offered upstreams with that had a fractional speed of the downstream. Now, keep in mind I'm not talking about 1/10 as a ratio here, but 1/5 would accommodate ~99.2% and 1/4 would fit ~99.9%. It's also important to note that all of these accounts are in the 25mbps down territory so their upstreams are 5mbps. What I see when I look at customer satisfaction ratings is a very strong correlation with low uplink speeds and a high satisfaction rate when we look at uplink speeds greater than 4mbps. What I don't see is an increase in customer satisfaction as upload speeds go past ~6mbps. Conversely, increases in customer satisfaction with correlate with increases in download speeds past ~30mbps before the correlation starts weakening. Scott Helms Vice President of Technology ZCorum (678) 507-5000 http://twitter.com/kscotthelms On Fri, Feb 27, 2015 at 2:57 PM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: The statistics certainly *should* be used when provisioning aggregate resources. But even if 1% of users would reasonably be using a fully symmetric link to its potential, that's a good reason to at least have such circuits available in the standard consumer mix, which they aren't today. On 02/27/2015 01:30 PM, Scott Helms wrote: Daniel, Well, I wouldn't call using the mean a myth, after all understanding most customer behavior is what we all have to build our business cases around. If we throw out what customers use today and simply take a build it and they will come approach then I suspect there would fewer of us in this business. Even when we look at anomalous users we don't see symmetrical usage, ie top 10% of uploaders. We also see less contended seconds on their upstream than we do on the downstream. These observations are based on ~500k residential and business subscribers across North America using FTTH (mostly GPON), DOCSIS cable modems, and various flavors of DSL. Scott Helms Vice President of Technology ZCorum (678) 507-5000 tel:%28678%29%20507-5000 http://twitter.com/kscotthelms On Fri, Feb 27, 2015 at 2:21 PM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: But by this you are buying into the myth of the mean. It isn't that most, or even many, people would take advantage of equal upstream bandwidth, but that the few who would need to take extra measures unrelated to the generation of that content to be able to do so. Given symmetrical provisioning, no extra measures need to be taken when that 10 year old down the street turns out to be a master musician. On 02/27/2015 11:59 AM, Scott Helms wrote: This is true in our measurements today, even when subscribers are given symmetrical connections. It might change at some point in the future, especially when widespread IPv6 lets us get rid of NAT as a de facto deployment reality. Scott Helms Vice President of Technology ZCorum (678) 507-5000 tel:%28678%29%20507-5000 tel:%28678%29%20507-5000 http://twitter.com/kscotthelms On Fri, Feb 27, 2015 at 12:48 PM, Naslund, Steve -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: Verizon Policy Statement on Net Neutrality
On 02/27/2015 02:53 PM, Scott Helms wrote: My point is that the option should be there, at the consumer level. Why? What's magical about symmetry? Is a customer better served by having a 5mbps/5mbps over a 25mbps/5mbps? Why not 25/25? 50MB/s might be tough to fill, but even at home I can get good use out of the odd 25MB/s upstream burst for a few minutes. There are so many use cases for this, everything from personal game servers to on-line backups, that the lack of such offerings is an indication of an unhealthy market. Until we get NAT out of the way, this is actually much harder to leverage than you might think. I don't think there is anything special about symmetrical bandwidth, I do think upstream bandwidth usage is going up and will continue to go up, but I don't see any evidence in actual performance stats or customers sentiment to show that it's going up as fast as downstream demand. Scott Helms Vice President of Technology ZCorum (678) 507-5000 http://twitter.com/kscotthelms On Fri, Feb 27, 2015 at 3:36 PM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: My point is that the option should be there, at the consumer level. If not for fully symmetrical service (I admit that 50MB/s upstream is a tough pipe to fill), at least for significantly higher upstream service than is currently available in most neighborhoods. There are so many use cases for this, everything from personal game servers to on-line backups, that the lack of such offerings is an indication of an unhealthy market. On 02/27/2015 02:25 PM, Scott Helms wrote: Daniel, We'd have to come to some standard definition of, But even if 1% of users would reasonably be using a fully symmetric link to its potential... As I said, I have visibility into a large number of symmetric connections and without exception they'd fit well into a plan that offered upstreams with that had a fractional speed of the downstream. Now, keep in mind I'm not talking about 1/10 as a ratio here, but 1/5 would accommodate ~99.2% and 1/4 would fit ~99.9%. It's also important to note that all of these accounts are in the 25mbps down territory so their upstreams are 5mbps. What I see when I look at customer satisfaction ratings is a very strong correlation with low uplink speeds and a high satisfaction rate when we look at uplink speeds greater than 4mbps. What I don't see is an increase in customer satisfaction as upload speeds go past ~6mbps. Conversely, increases in customer satisfaction with correlate with increases in download speeds past ~30mbps before the correlation starts weakening. Scott Helms Vice President of Technology ZCorum (678) 507-5000 tel:%28678%29%20507-5000 http://twitter.com/kscotthelms On Fri, Feb 27, 2015 at 2:57 PM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: The statistics certainly *should* be used when provisioning aggregate resources. But even if 1% of users would reasonably be using a fully symmetric link to its potential, that's a good reason to at least have such circuits available in the standard consumer mix, which they aren't today. On 02/27/2015 01:30 PM, Scott Helms wrote: Daniel, Well, I wouldn't call using the mean a myth, after all understanding most customer behavior is what we all have to build our business cases around. If we throw out what customers use today and simply take a build it and they will come approach then I suspect there would fewer of us in this business. Even when we look at anomalous users we don't see symmetrical usage, ie top 10% of uploaders. We also see less contended seconds on their upstream than we do on the downstream. These observations are based on ~500k residential and business subscribers across North America using FTTH (mostly GPON), DOCSIS cable modems, and various flavors of DSL. Scott Helms Vice President of Technology ZCorum (678) 507-5000 tel:%28678%29%20507-5000 tel:%28678%29%20507-5000 http://twitter.com/kscotthelms
Re: gmail spam help
More than one, but I found it here: https://bugs.launchpad.net/ubuntu/+source/spamassassin/+bug/1412830 They did patch it after it finally became a problem, I don't know about any other distributions. On 02/12/2015 08:09 PM, Suresh Ramasubramanian wrote: Which distro is it that has dnsbl filtering on by default, and also defaulting to shady no name blocklists? I have yet to see a case where turning this sort of thing on first and kicking self later wasn't because of a clueless sysadmin. On Feb 13, 2015 7:36 AM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: Of course not, and I didn't mean to imply that they were. I was surprised to see it still present *anywhere* (this was in a major Linux distribution, and may still be), and that hidden presence may be polluting data streams used by even the most responsible vendors unless they are running entirely self-contained. On 02/12/2015 07:04 PM, Suresh Ramasubramanian wrote: Please. Gmail isn't ever likely to use long dead hobbyist block lists. On Feb 12, 2015 9:38 PM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: Possibly related: http://www.ahbl.org/content/changes-ahbl We had to manually remove it from spamassassin for our local installation, and I am pretty sure that a lot of sites still haven't figured it out so there's a lot of false positives being generated all over the place to throw off even filters that don't use it directly. On 02/12/2015 09:54 AM, Alex Rubenstein wrote: Mainly because I own it, and the people who use it. The server has been around 10+ years and has tight oversight. SPF is proper. This is a recent issue. From: Scott Helms [mailto:khe...@zcorum.com mailto:khe...@zcorum.com mailto:khe...@zcorum.com mailto:khe...@zcorum.com] Sent: Thursday, February 12, 2015 10:51 AM To: Alex Rubenstein Cc: Josh Luthman; NANOG list Subject: Re: gmail spam help I'd be interested to know how you can be so adamant about the lack of spam from this specific server. A great percentage of the spam hitting servers I have visibility into comes from very similar kinds of set ups because they tend to have little or no over sight in place. Also, lots of commercial email gets flagged as spam by users, even when they opted in for the email. If enough people flagged email from this server as spam it will cause Google to consider other email from the same small server as likely to be spam as well. Small systems, especially new ones, tend to unintentionally look like spam sources by not having proper reverse records, making sure you have SPF set up for the domain, etc. Scott Helms Vice President of Technology ZCorum (678) 507-5000 http://twitter.com/kscotthelms On Thu, Feb 12, 2015 at 10:41 AM, Alex Rubenstein a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.net wrote: I should have been clearer. I have been getting complaints from my sales folks that when they send emails to people who use gmail (either a gmail account or google apps) that they recipient is reporting that the email is ending up in the Spam folder. So, I tested this myself, sending an email from a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.net mailto:a...@corp.nac.net to rubenstei...@gmail.com mailto:rubenstei...@gmail.com mailto:rubenstei...@gmail.com mailto:rubenstei...@gmail.commailto:rubenstei
Re: gmail spam help
Of course not, and I didn't mean to imply that they were. I was surprised to see it still present *anywhere* (this was in a major Linux distribution, and may still be), and that hidden presence may be polluting data streams used by even the most responsible vendors unless they are running entirely self-contained. On 02/12/2015 07:04 PM, Suresh Ramasubramanian wrote: Please. Gmail isn't ever likely to use long dead hobbyist block lists. On Feb 12, 2015 9:38 PM, Daniel Taylor dtay...@vocalabs.com mailto:dtay...@vocalabs.com wrote: Possibly related: http://www.ahbl.org/content/changes-ahbl We had to manually remove it from spamassassin for our local installation, and I am pretty sure that a lot of sites still haven't figured it out so there's a lot of false positives being generated all over the place to throw off even filters that don't use it directly. On 02/12/2015 09:54 AM, Alex Rubenstein wrote: Mainly because I own it, and the people who use it. The server has been around 10+ years and has tight oversight. SPF is proper. This is a recent issue. From: Scott Helms [mailto:khe...@zcorum.com mailto:khe...@zcorum.com] Sent: Thursday, February 12, 2015 10:51 AM To: Alex Rubenstein Cc: Josh Luthman; NANOG list Subject: Re: gmail spam help I'd be interested to know how you can be so adamant about the lack of spam from this specific server. A great percentage of the spam hitting servers I have visibility into comes from very similar kinds of set ups because they tend to have little or no over sight in place. Also, lots of commercial email gets flagged as spam by users, even when they opted in for the email. If enough people flagged email from this server as spam it will cause Google to consider other email from the same small server as likely to be spam as well. Small systems, especially new ones, tend to unintentionally look like spam sources by not having proper reverse records, making sure you have SPF set up for the domain, etc. Scott Helms Vice President of Technology ZCorum (678) 507-5000 http://twitter.com/kscotthelms On Thu, Feb 12, 2015 at 10:41 AM, Alex Rubenstein a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.net wrote: I should have been clearer. I have been getting complaints from my sales folks that when they send emails to people who use gmail (either a gmail account or google apps) that they recipient is reporting that the email is ending up in the Spam folder. So, I tested this myself, sending an email from a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.net to rubenstei...@gmail.com mailto:rubenstei...@gmail.commailto:rubenstei...@gmail.com mailto:rubenstei...@gmail.commailto:rubenstei...@gmail.com mailto:rubenstei...@gmail.commailto:rubenstei...@gmail.com mailto:rubenstei...@gmail.com [cid:image001.png@01D046AD.3B2FA890] This is curious to me, since @corp.nac.net http://corp.nac.nethttp://corp.nac.net is a small exchange implementation with only about 50 users behind it, and there is no question that there is no spamming going on from here. So, it’s not a question of adding a filter or not using gmail; it is not me who is using gmail in this problem. From: Josh Luthman [mailto:j...@imaginenetworksllc.com mailto:j...@imaginenetworksllc.commailto:j...@imaginenetworksllc.com mailto:j...@imaginenetworksllc.com] Sent: Thursday, February 12, 2015 9:32 AM To: Alex Rubenstein Cc: NANOG list Subject: Re: gmail spam help Create a filter. Josh Luthman Office: 937-552-2340tel:937-552-2340 Direct: 937-552-2343tel:937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Feb 12, 2015 8:11 AM, Alex Rubenstein a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.netmailto:a...@corp.nac.net mailto:a...@corp.nac.net wrote: Is there anyone on-list that can help me with a world - gmail email issue, where email is being considering spam by gmail erroneously? Thanks. -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com mailto:dtay...@vocalabs.com http
Re: gmail spam help
Possibly related: http://www.ahbl.org/content/changes-ahbl We had to manually remove it from spamassassin for our local installation, and I am pretty sure that a lot of sites still haven't figured it out so there's a lot of false positives being generated all over the place to throw off even filters that don't use it directly. On 02/12/2015 09:54 AM, Alex Rubenstein wrote: Mainly because I own it, and the people who use it. The server has been around 10+ years and has tight oversight. SPF is proper. This is a recent issue. From: Scott Helms [mailto:khe...@zcorum.com] Sent: Thursday, February 12, 2015 10:51 AM To: Alex Rubenstein Cc: Josh Luthman; NANOG list Subject: Re: gmail spam help I'd be interested to know how you can be so adamant about the lack of spam from this specific server. A great percentage of the spam hitting servers I have visibility into comes from very similar kinds of set ups because they tend to have little or no over sight in place. Also, lots of commercial email gets flagged as spam by users, even when they opted in for the email. If enough people flagged email from this server as spam it will cause Google to consider other email from the same small server as likely to be spam as well. Small systems, especially new ones, tend to unintentionally look like spam sources by not having proper reverse records, making sure you have SPF set up for the domain, etc. Scott Helms Vice President of Technology ZCorum (678) 507-5000 http://twitter.com/kscotthelms On Thu, Feb 12, 2015 at 10:41 AM, Alex Rubenstein a...@corp.nac.netmailto:a...@corp.nac.net wrote: I should have been clearer. I have been getting complaints from my sales folks that when they send emails to people who use gmail (either a gmail account or google apps) that they recipient is reporting that the email is ending up in the Spam folder. So, I tested this myself, sending an email from a...@corp.nac.netmailto:a...@corp.nac.netmailto:a...@corp.nac.netmailto:a...@corp.nac.net to rubenstei...@gmail.commailto:rubenstei...@gmail.commailto:rubenstei...@gmail.commailto:rubenstei...@gmail.com [cid:image001.png@01D046AD.3B2FA890] This is curious to me, since @corp.nac.nethttp://corp.nac.net is a small exchange implementation with only about 50 users behind it, and there is no question that there is no spamming going on from here. So, it’s not a question of adding a filter or not using gmail; it is not me who is using gmail in this problem. From: Josh Luthman [mailto:j...@imaginenetworksllc.commailto:j...@imaginenetworksllc.com] Sent: Thursday, February 12, 2015 9:32 AM To: Alex Rubenstein Cc: NANOG list Subject: Re: gmail spam help Create a filter. Josh Luthman Office: 937-552-2340tel:937-552-2340 Direct: 937-552-2343tel:937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Feb 12, 2015 8:11 AM, Alex Rubenstein a...@corp.nac.netmailto:a...@corp.nac.netmailto:a...@corp.nac.netmailto:a...@corp.nac.net wrote: Is there anyone on-list that can help me with a world - gmail email issue, where email is being considering spam by gmail erroneously? Thanks. -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post
On 04/25/2014 08:23 AM, Patrick W. Gilmore wrote: On Apr 25, 2014, at 00:57 , Larry Sheldon larryshel...@cox.net wrote: In a private message I asked if he could name a single monopoly that existed without regulation to protect its monopoly power. I answered in a private message: Microsoft. Kinda obvious if you think about it for, oh, say, 12 microseconds. DeBeers Diamond cartel, which operated internationally and held an effective monopoly on the diamond market for *decades* was apparently beyond the reach of regulation to either assist or hinder them, and has only recently faded somewhat in the face of competition that they can't reach with their traditional protective tactics. The Standard Oil monopoly was obtained without the special assistance of government as well, though they were broken up by the government. The methods they used should be mandatory study for everyone. The ATT monopoly position *was* granted (and later revoked) by the government. Net neutrality is an intervention of the government to prevent monopoly forming tactics on the part of major players, so I think it is something worth having. It is not (unfortunately) something that is a natural state for the Internet. -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: IPv6 isn't SMTP
On 03/25/2014 11:18 PM, John Levine wrote: 3. Arguing about IPv6 in the context of requirements upon SMTP connections is playing that uncomfortable game with one�s own combat boots. And not particularly productive. If you can figure out how to do effective spam filtering without looking at the IP addresses from which mail arrives, you will be in a position to make a whole lot of money. But, as always, I'm not holding my breath. R's, John PS: Note the word effective. You look at the IP, and verify forward and reverse DNS. IPv6 doesn't make this any harder a problem than IPv4, it just means that we're going to *have* to reject mail that comes in from IPv6 addresses that don't have clean DNS. -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: IPv6 isn't SMTP
On 03/26/2014 08:05 AM, rw...@ropeguru.com wrote: On Wed, 26 Mar 2014 07:45:06 -0500 Daniel Taylor dtay...@vocalabs.com wrote: On 03/25/2014 11:18 PM, John Levine wrote: 3. Arguing about IPv6 in the context of requirements upon SMTP connections is playing that uncomfortable game with one�s own combat boots. And not particularly productive. If you can figure out how to do effective spam filtering without looking at the IP addresses from which mail arrives, you will be in a position to make a whole lot of money. But, as always, I'm not holding my breath. R's, John PS: Note the word effective. You look at the IP, and verify forward and reverse DNS. IPv6 doesn't make this any harder a problem than IPv4, it just means that we're going to *have* to reject mail that comes in from IPv6 addresses that don't have clean DNS. -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/ (612)235-5711 Actually, with all the discussion about ipv6 not having rDNS, in most cases, would that not make things easier? So those that want to run email servers SHOULD be on ISP's that allow for rDNS configuration for IPv6. There should be some vetting in the process by the ISP, maybe, before allowing this. So in essence, if you are a legitimate email host, you will have rDNS configured on IPv6 for your server. Again, as others have stated, rDNS should NOT be the only deciding factor in whether or not an email is legit. No rDNS, or havinf rDNS, should have some weight assigned to it for the overall evaluation of the sender. Robert If you can't get rDNS on a mail host from your ISP, I'd say you are on the wrong ISP if you want to run your own mail server. This goes for IPv6 and IPv4 equally. -- Daniel Taylor VP OperationsVocal Laboratories, Inc. dtay...@vocalabs.com http://www.vocalabs.com/(612)235-5711
Re: What to expect after a cooling failure
Another failure I've seen connected to overheating events is AC power supply failures. On 07/09/2013 10:28 PM, Erik Levinson wrote: As some may know, yesterday 151 Front St suffered a cooling failure after Enwave's facilities were flooded. One of the suites that we're in recovered quickly but the other took much longer and some of our gear shutdown automatically due to overheating. We shut down remotely many redundant and non-essential systems in the hotter suite, and transferred remotely some others to the cooler suite, to ensure that we had a minimum of all core systems running in the hotter suite. We waited until the temperatures returned to normal, and brought everything back online. The entire event lasted from approx 18:45 until 01:15. Apparently ambient temperature was above 43 degrees Celcius at one point on the cool side of cabinets in the hotter suite. For those who have gone through such events in the past, what can one expect in terms of long-term impact...should we expect some premature component failures? Does anyone have any stats to share? Thanks -- Erik Levinson CTO, Uberflip 416-900-3830 1183 King Street West, Suite 100 Toronto ON M6K 3C5 www.uberflip.com
Re: [SHAME] Spam Rats
On 01/10/2013 02:59 PM, John Levine wrote: IMHO mail is one of the easiest first things to turn on for IPv6. You can certainly turn it on, and it will work at the current toy scale, but nobody has a clue how we're going to scale IPv4 spam management up for large scale IPv6. Anything that's obvious won't work. It isn't a complete solution by itself, but SPF hardly breaks a sweat with IPv6 and helps with maintaining domain-name based blacklists. -- Daniel Taylor VP Operations Vocal Laboratories, Inc dtay...@vocalabs.com 612-235-5711
Re: The End-To-End Internet (was Re: Blocking MX query)
On 09/04/2012 03:52 PM, Michael Thomas wrote: On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we supposed to pick you out from spammers that do the same? Use DKIM. You say that like it's a lower bar than setting up a fixed SMTP server and using that. Besides, doesn't DKIM break on mailing lists? -- Daniel Taylor VP Operations Vocal Laboratories, Inc dtay...@vocalabs.com 952-941-6580x203
Re: The End-To-End Internet (was Re: Blocking MX query)
On 09/05/2012 10:19 AM, Michael Thomas wrote: On 09/05/2012 05:56 AM, Daniel Taylor wrote: On 09/04/2012 03:52 PM, Michael Thomas wrote: On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we supposed to pick you out from spammers that do the same? Use DKIM. You say that like it's a lower bar than setting up a fixed SMTP server and using that. I say it like it addresses your concern. Well, if you've got proper forward and reverse DNS, and your portable SMTP server identifies itself properly, and you are using networks that don't filter outbound port 25, AND you have DKIM configured correctly and aren't using it for a situation for which it is inappropriate, then you'll get the same results with a portable SMTP server that you would sending through a properly configured static server. So, no, use DKIM does not address the delivery difficulties inherent to using a portable SMTP server. -- Daniel Taylor VP Operations Vocal Laboratories, Inc dtay...@vocalabs.com 952-941-6580x203
Re: The End-To-End Internet (was Re: Blocking MX query)
On 09/05/2012 03:01 PM, Michael Thomas wrote: On 09/05/2012 12:50 PM, Daniel Taylor wrote: On 09/05/2012 10:19 AM, Michael Thomas wrote: On 09/05/2012 05:56 AM, Daniel Taylor wrote: On 09/04/2012 03:52 PM, Michael Thomas wrote: On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we supposed to pick you out from spammers that do the same? Use DKIM. You say that like it's a lower bar than setting up a fixed SMTP server and using that. I say it like it addresses your concern. Well, if you've got proper forward and reverse DNS, and your portable SMTP server identifies itself properly, and you are using networks that don't filter outbound port 25, AND you have DKIM configured correctly and aren't using it for a situation for which it is inappropriate, then you'll get the same results with a portable SMTP server that you would sending through a properly configured static server. So, no, use DKIM does not address the delivery difficulties inherent to using a portable SMTP server. My how the goalposts are moving. DKIM solves the problem of producing a stable identifier for a mail stream which is what your originally positioned goalposts was asking for. It also makes reverse dns lookups even more useless than they already are. Use your MX or SPF senders as your outbound mail agent, especially if they are properly configured with full DNS records so we can tell they are the correct machines to be sending on your behalf, or expect that you will get more mail bounced and lost than the average user because you are being unpredictable and unverifiable. That you so conveniently trimmed from the post that you replied to. Just putting the goalposts back where I left them. Proper DNS configuration is essential to reliable SMTP delivery. SPF and DKIM can help ensure you don't get mistakenly tagged as a spammer, but they are no substitute for proper technical configuration of your mail server, and you don't get proper configuration if you are using other people's networks. -- Daniel Taylor VP Operations Vocal Laboratories, Inc dtay...@vocalabs.com 952-941-6580x203
Re: The End-To-End Internet (was Re: Blocking MX query)
If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we supposed to pick you out from spammers that do the same? Use your MX or SPF senders as your outbound mail agent, especially if they are properly configured with full DNS records so we can tell they are the correct machines to be sending on your behalf, or expect that you will get more mail bounced and lost than the average user because you are being unpredictable and unverifiable. On 09/04/2012 11:05 AM, Jay Ashworth wrote: - Original Message - From: John Peach john-na...@johnpeach.com On Tue, 4 Sep 2012 11:57:38 -0400 (EDT) Jay Ashworth j...@baylink.com wrote: SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing something, or are you? I run an MTA on my server and auth to that from laptops and other clients. Relaying allowed for authorised users. So, in other words, it's ok to rant and stomp our feet about the end-to-end architecture and how critical it is to support in order to diss NAT, but we're required to ignore it when discussing SMTP? I'm not sure I'm following, there. Cheers, -- jra -- Daniel Taylor VP Operations Vocal Laboratories, Inc dtay...@vocalabs.com 952-941-6580x203