On 4/10/13 7:55 PM, John Levine wrote:
There seems to be a faction that feel that 15 years ago someone once
blacklisted them and caused them some inconvenience, therefore all
DNSBLs suck forever. I could say similar things about buggy PC
implementations of TCP/IP, but I think a few things
Somebody point me to see that the date of the post in circleid is April
1st ...
:)
-as
On 4/11/13 11:17 AM, Arturo Servin wrote:
On 4/10/13 7:55 PM, John Levine wrote:
There seems to be a faction that feel that 15 years ago someone once
blacklisted them and caused them some
I don't have the same overall feeling that its less reliable.
I believe it is 100% reliable when it comes to the good
communications, the serious stuff, the work, business communications.
Those get through and more importantly, above all, when there is a
problem, good people complain, any
On 04/09/2013 08:07 PM, John Levine wrote:
Quoting Nathaniel Borenstein [1]:
One man's blacklist is another's denial-of-service attack.
Email reputation services have a bad reputation.
They have a good enough reputation that every non-trivial mail system
in the world uses them. They're
On Apr 10, 2013, at 6:26 AM, Keith Moore mo...@network-heretics.com wrote:
On 04/09/2013 08:07 PM, John Levine wrote:
Quoting Nathaniel Borenstein [1]:
One man's blacklist is another's denial-of-service attack.
Email reputation services have a bad reputation.
They have a good enough
There seems to be a faction that feel that 15 years ago someone once
blacklisted them and caused them some inconvenience, therefore all
DNSBLs suck forever. I could say similar things about buggy PC
implementations of TCP/IP, but I think a few things have changed since
then, in both cases.
On 04/10/2013 06:55 PM, John Levine wrote:
There seems to be a faction that feel that 15 years ago someone once
blacklisted them and caused them some inconvenience, therefore all
DNSBLs suck forever. I could say similar things about buggy PC
implementations of TCP/IP, but I think a few things
Like I said, things have changed since 1996.
Indeed they have. Email is much less reliable now than it was then.
Agreed. But it's not the DNSBLs, it's all the other stuff, notably
heuristic content filters, that we have to do to deal with the 95% of mail
that is spam these days.
I
On 04/10/2013 07:14 PM, John R Levine wrote:
Like I said, things have changed since 1996.
Indeed they have. Email is much less reliable now than it was then.
Agreed. But it's not the DNSBLs, it's all the other stuff, notably
heuristic content filters, that we have to do to deal with the
On 03/29/2013 01:28 PM, Douglas Otis wrote:
The Internet is under a DDoS attack specifically against an email
address reputation service.
You have it backwards. Internet email has long been under DDoS attack
from email address reputation services.
Keith
On Apr 8, 2013, at 10:27 PM, joel jaeggli joe...@bogus.com wrote:
On 4/8/13 9:18 PM, Douglas Otis wrote:
On Mar 31, 2013, at 1:23 AM, Doug Barton do...@dougbarton.us
mailto:do...@dougbarton.us wrote:
On 03/30/2013 11:26 PM, Christian Huitema wrote:
IPv6 makes publishing IP address
Hi Keith,
At 09:56 09-04-2013, Keith Moore wrote:
You have it backwards. Internet email has long been under DDoS
attack from email address reputation services.
Quoting Nathaniel Borenstein [1]:
One man's blacklist is another's denial-of-service attack.
Email reputation services have a
On Apr 9, 2013, at 11:28 AM, SM s...@resistor.net wrote:
Hi Keith,
At 09:56 09-04-2013, Keith Moore wrote:
You have it backwards. Internet email has long been under DDoS attack from
email address reputation services.
Quoting Nathaniel Borenstein [1]:
One man's blacklist is
Quoting Nathaniel Borenstein [1]:
One man's blacklist is another's denial-of-service attack.
Email reputation services have a bad reputation.
They have a good enough reputation that every non-trivial mail system
in the world uses them. They're not all the same, and a Darwinian
process has
Hi Doug,
At 12:22 09-04-2013, Douglas Otis wrote:
In full agreement with Nathaniel. Avoiding unfair collateral
blocking is why source domain authentication, not authorization, is vital.
I doubt that what's mentioned in the subject line will not face
strong resistance within an IETF context.
On Mar 31, 2013, at 1:23 AM, Doug Barton do...@dougbarton.us wrote:
On 03/30/2013 11:26 PM, Christian Huitema wrote:
IPv6 makes publishing IP address reputations impractical. Since IP address
reputation has been a primary method for identifying abusive sources with
IPv4, imposing
On 4/8/13 9:18 PM, Douglas Otis wrote:
On Mar 31, 2013, at 1:23 AM, Doug Barton do...@dougbarton.us
mailto:do...@dougbarton.us wrote:
On 03/30/2013 11:26 PM, Christian Huitema wrote:
IPv6 makes publishing IP address reputations impractical. Since IP
address reputation has been a primary
; O'Reirdan,Michael
michael_oreir...@cable.comcast.com; John C Klensin john-i...@jck.com;
Walker,Severin severin_wal...@cable.comcast.com; Rosenwald,Jordan
jordan_rosenw...@cable.comcast.com; John Levine jo...@taugh.com
Sent: Wednesday, April 03, 2013 8:01 PM
Subject: Re: Sufficient email
On Mar 30, 2013, at 10:43 AM, John C Klensin john-i...@jck.com wrote:
It sometimes feels as if anti-spam efforts are trending in the
direction of its being acceptable to accidentally discard a few
dozen legitimate messages if doing so allows blocking a few
thousand unsolicited/undesired
On Apr 3, 2013, at 6:16 PM, Dean Willis dean.wil...@softarmor.com wrote:
I've tried to imagine using Facebook-like system for IETF work, and it is
strangely compelling ...
It would, however, be nice if it were peer-to-peer rather than monolithic.
On 04/03/2013 05:01 PM, Ted Lemon wrote:
On Apr 3, 2013, at 6:16 PM, Dean Willis dean.wil...@softarmor.com wrote:
I've tried to imagine using Facebook-like system for IETF work, and it is
strangely compelling ...
It would, however, be nice if it were peer-to-peer rather than monolithic.
On Mar 30, 2013, at 11:26 PM, Christian Huitema huit...@microsoft.com wrote:
IPv6 makes publishing IP address reputations impractical. Since IP address
reputation has been a primary method for identifying abusive sources with
IPv4, imposing ineffective and flaky replacement strategies has
IPv6 makes publishing IP address reputations impractical. Since IP address
reputation has been a primary method for identifying abusive sources with
IPv4, imposing ineffective and flaky replacement strategies has an effect
of deterring IPv6 use.
In practice, the /64 prefix of the IPv6
On 03/30/2013 11:26 PM, Christian Huitema wrote:
IPv6 makes publishing IP address reputations impractical. Since IP address
reputation has been a primary method for identifying abusive sources with IPv4,
imposing ineffective and flaky replacement strategies has an effect of
deterring IPv6
In practice, the /64 prefix of the IPv6 address has very much the same
administrative properties as the /32 value of the IPv4 address.
You would hope so, but I know hosting places that give their customers
a /128 in a shared /64. They claim that their routers make this hard
to fix. I don't know
Good points Dave.
However, I would suggest that having tighter controls on the transport
practice, e.g.; SMTP handshaking compliancy, following and honoring
exclusive domain published policies, does help minimize support cost.
--
HLS
On 3/30/2013 7:46 PM, Dave Crocker wrote:
On 3/30/2013
Hi Doug,
This sounds urgent. I am not seeing this urgency, but maybe we just
have it under control.
Another side question Doug, is this an application-level based
filtering? Can one be authenticated lets say for SMTP but not WEB?
Is the filtering applied across all protocols? Is it the IP
On 3/29/13 12:58 PM, John Levine jo...@taugh.com wrote:
As a result, it is questionable whether any IPv6 address-based
reputation system can be successful (at least those based on voluntary
principles.)
It can probably work for whitelisting well behaved senders, give or take
the DNS cache
--On Saturday, March 30, 2013 14:57 + Livingood, Jason
jason_living...@cable.comcast.com wrote:
...
Mail acceptance for IPv4 worked inclusively - receivers accept
unless IP reputation or other factors failed. IMHO with IPv6
that model may need to be turned around to an exclusive one -
Dear Jason,
On Mar 30, 2013, at 7:57 AM, Livingood, Jason
jason_living...@cable.comcast.com wrote:
On 3/29/13 12:58 PM, John Levine jo...@taugh.com wrote:
As a result, it is questionable whether any IPv6 address-based
reputation system can be successful (at least those based on voluntary
On 3/30/2013 7:57 AM, Livingood, Jason wrote:
Mail acceptance for IPv4 worked inclusively - receivers accept unless IP
reputation or other factors failed. IMHO with IPv6 that model may need to
be turned around to an exclusive one - so receivers will not accept mail
unless certain factors are
At 07:57 30-03-2013, Livingood, Jason wrote:
Mail acceptance for IPv4 worked inclusively - receivers accept unless IP
reputation or other factors failed. IMHO with IPv6 that model may need to
be turned around to an exclusive one - so receivers will not accept mail
unless certain factors are met
On Thu, 28 Mar 2013, Douglas Otis wrote:
IPv6 makes publishing IP address reputations impractical. Since IP
address reputation has been a primary method for identifying abusive
sources with IPv4, imposing ineffective and flaky replacement strategies
has an effect of deterring IPv6 use.
My
On Mar 29, 2013, at 4:13 AM, Mikael Abrahamsson swm...@swm.pp.se wrote:
My belief is that IP address reputation has always been flakey, it's just
vastly more so with IPv6.
What we need is a way to identify a entity subnet size. This work is
probably wasted on IPv4, but it's definitely
On Fri, 29 Mar 2013, John Curran wrote:
This approach works fine if one presumes that the problem is always just
the customer (i.e. their ISP is actively interested in helping solve the
problem.) For ISPs who are not as interested (or may have an actual
motivation to hinder resolution of the
As a result, it is questionable whether any IPv6 address-based reputation
system can be successful (at least those based on voluntary principles.)
It can probably work for whitelisting well behaved senders, give or take
the DNS cache busting issues of IPv6 per-message lookups.
Since a bad guy
On Mar 29, 2013, at 9:58 AM, John Levine jo...@taugh.com wrote:
As a result, it is questionable whether any IPv6 address-based reputation
system can be successful (at least those based on voluntary principles.)
It can probably work for whitelisting well behaved senders, give or take
the
On 03/28/2013 08:29 PM, Douglas Otis wrote:
IPv6 makes publishing IP address reputations impractical.
For individual addresses, sure. But one of the (if not *the*) primary
benefits of v4 reputation is the test of whether or not the address is
in a botnet range (aka, ranges assigned to
Hi Doug,
On 3/28/2013 2:13 PM, Douglas Otis wrote:
Dear IETF,
In response to various strategies to reject IPv6 email lacking either DKIM
or SPF, the non-negotiated approach suggests far greater review is needed.
Whats the difference with IPv6 connections? Should it matter? Does it
matter?
Hello Hector,
On Mar 28, 2013, at 3:53 PM, Hector Santos hsan...@isdg.net wrote:
Hi Doug,
On 3/28/2013 2:13 PM, Douglas Otis wrote:
Dear IETF,
In response to various strategies to reject IPv6 email lacking either DKIM
or SPF, the non-negotiated approach suggests far greater review is
40 matches
Mail list logo