Re: Help with removing DNS shinkhole FP from Charter/Spectrum

2024-04-22 Thread John R. Levine
I'm not sure where you saw that message, but I got this message via email after I submitted an unblock request with Spectrum Shield: We have reviewed your request to unblock validin.com. This site was not found to be blocked by Spectrum Shield and should be accessible from your browser.

Re: Help with removing DNS shinkhole FP from Charter/Spectrum

2024-04-22 Thread John R. Levine
Bill is absolutely correct. The spammers lost their case because they were demonstrably spammers. No, really they did not. I read the decisions. Have you? Hint: under CAN SPAM a great deal of spam is completely legal so it didn't matter. We’ve had accidental black hole cases with *US*

Re: Help with removing DNS shinkhole FP from Charter/Spectrum

2024-04-22 Thread John R. Levine
On Mon, 22 Apr 2024, William Herrin wrote: Respectfully, you're mistaken. Look up "tortious interference." I'm familiar with it. But I am also familiar with many cases where spammers have sued network operators claiming that they're falsely defamed, so the operator has to deliver their mail.

Re: registry for onmicrosoft[dot]com

2024-03-19 Thread John R. Levine
Maybe Microsoft allows your small domain as an exception? In the mean time, use Gmail or another cloud provider to get your email. It may be because I have a few mailing lists that keep the volume up enough to avoid falling off their radar. It's kind of ironic that MS throws people's mail

Re: registry for onmicrosoft[dot]com

2024-03-19 Thread John R. Levine
Yep, just had another one. Email to local election office silently vanishes because it uses Office365 Cloud email. I believe they're throwing your mail away, but it's not just because you're small. Like I said, I'm just as small and my mail gets there OK. Needed to use Gmail instead.

Re: IPv6 uptake (was: The Reg does 240/4)

2024-02-16 Thread John R. Levine
That it's possible to implement network security well without using NAT does not contradict the claim that NAT enhances network security. I think we're each overgeneralizing from our individual experience. You can configure a V6 firewall to be default closed as easily as you can configure a

Re: Anyone have contacts at the Amazon or OpenAI web spiders?

2024-02-14 Thread John R. Levine
If anyone has contacts at either I would appreciate it. https://developer.amazon.com/support/amazonbot Um, that is the site I mentioned in the line above the one you quoted. As I said, I wrote to the contact address, no reply. probably returned as a result of searching "amazonbot" on

Re: What are these Google IPs hammering on my DNS server?

2023-12-04 Thread John R. Levine
On Mon, 4 Dec 2023, Damian Menscher wrote: have more redundancy/capacity). Based on these estimates, we haven't treated mitigation of small attacks as a high priority. If O(25Kpps) attacks are causing real problems for the community, I'd appreciate that feedback and some hints as to why your

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John R. Levine
Just set TC=1 for those clients. If you get queries over TCP then they were not spoofed. If they are using DNS COOKIE (RFC 7873) you can send back BADCOOKIE to the initial (client cookie only) UDP request with your server cookie. Identifying real DNS clients has been possible for years

RE: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John R. Levine
to survive crap like this? Nothing/waiting it out? Outsourcing DNS? Scrubbing appliance? Poormans stuff like I mention above? -Michael -Original Message- From: NANOG On Behalf Of John R. Levine Sent: Sunday, December 3, 2023 1:18 PM To: Peter Potvin Cc: nanog@nanog.org Subject: Re: W

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John R. Levine
Did a bit of digging on Google's developer site and came across this: https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries Looks like the IPs you mentioned belong to Google's public DNS resolver based on that list on their site.

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John R. Levine
They are probably spoofed IPs. So those are the target IP IPs of a DDoS What kind of amplification factor does your DNS server have? I bet with the changes you’ve made, it’s super high. People are looking for DNS servers like that. On the contrary, the response packets are tiny. $ host

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

2023-10-30 Thread John R. Levine
On Mon, 30 Oct 2023, Livingood, Jason wrote: On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote: If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? DNS isn’t the right place to attack this, IMHO. Are we sure that the

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

2023-10-29 Thread John R. Levine
If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? Oh my, you walked right into that one. https://www.quad9.net/service/threat-blocking/ https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ I'm also surprised

Re: IERS ponders reverse leapsecond...

2022-08-10 Thread John R. Levine
On Wed, 10 Aug 2022, Billy Croan wrote: I think a much better answer to the nuisance of leap seconds (their uncertainty), instead of dropping them all together, MIGHT be let them build up for a century and deal with it every hundred years or every thousand. Maybe every decade? Sheesh. In

Re: NANOG List posts but not DMARC

2022-08-02 Thread John R. Levine via NANOG
I did manage to get someone to flip the setting so hopefully I’m not getting a lot of bounce back from this e-mail. Once again, if you were getting bounces, they had nothing to do with DMARC because you don't publish a DMARC policy. Regards, John Levine, jo...@taugh.com, Primary Perpetrator

Re: FCC vs FAA Story

2022-06-06 Thread John R. Levine
And here are some actual test results: https://www.rtca.org/wp-content/uploads/2020/10/SC-239-5G-Interference-Assessment-Report_274-20-PMC-2073_accepted_changes.pdf People who understand radios don't think much of that report or the similar AVSI one. If its claims were true, planes would be

Re: Making Use of 240/4 NetBlock

2022-03-09 Thread John R. Levine
Um, are you suggesting there is sufficiently heavy use of 240/4 to result in a significant security/stability issue if the address space is allocated? I thought you were arguing too many systems would have to be updated to even send/receive packets with 240/4 in the source or destination

Re: Making Use of 240/4 NetBlock

2022-03-09 Thread John R. Levine
On Wed, 9 Mar 2022, John Gilmore wrote: Major networks are already squatting on the space internally, because they tried it and it works. Sounds like an excellent reason not to try to use it for global unicast. Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for

Re: CC: s to Non List Members (was Re: 202203080924.AYC Re: 202203071610.AYC Re: Making Use of 240/4 NetBlock)

2022-03-08 Thread John R. Levine
The only way IPv6 will ever be ubiquitous is if there comes a time where there is some forcing event that requires it to be. Unless that occurs, people will continue to spend time and energy coming up with ways to squeeze the blood out of v4 that could have been used to get v6 going instead. I

Re: WKBI #586, Redploying most of 127/8 as unicast public

2021-11-18 Thread John R. Levine
The only effort involved on the IETF's jurisdiction was to stop squatting on 240/4 and perhaps maybe some other small pieces of IPv4 that could possibly be better used elsewhere by others who may choose to do so. The IETF is not the Network Police, and all IETF standards are entirely

Re: IPv6 woes - RFC

2021-09-18 Thread John R. Levine
As you noted John, its the plethora of software, support systems, tooling, and most important in many environments - legacy customer management and provisioning systems that can be the limiting factor. ... Just looking around my office, I have a Cisco SPA112 two-port ATA. It's been

Re: IPv6 woes - RFC

2021-09-17 Thread John R. Levine
OK, then Disney+ or Hulu or whoever. Peering wars never end well. Don't even need postcards, just stick the flyer in with the bill. Is that really cheaper and easier than deploying IPv6? Really? The cost of putting flyers in the bills rounds to zero, so yes, really. I expect these

Re: IPv6 woes - RFC

2021-09-11 Thread John R. Levine
Indeed. They would send postcards to all their customers saying "Comcast has said they will cut off your access to Netflix on April 1, Call their president's office at 1-800-xxx- and tell them what you think." Nope… Netflix is fully available on IPv6 and actually looks forward to ISPs

Re: IP reputation lookup (prefix not single IP)

2021-03-27 Thread John R. Levine
Same here. I have not publicised or updated my korea.services.net DNSBL for over a decade and it's still getting over 100 qps. On Fri, 26 Mar 2021, Sabri Berisha wrote: - On Mar 26, 2021, at 8:20 PM, John Levine jo...@iecc.com wrote: Hi, Also keep in mind that "most blocklists" is

DNSSEC failures for www.cdc.gov

2021-01-14 Thread John R. Levine
I see that www.cdc.gov is a CNAME for www.akam.cdc.gov. which in turn is a CNAME for www.cdc.gov.edgekey.net. But it appears that while www.cdc.gov is signed, www.akam.cdc.gov in the same zone on the same server is not. Huh? What? $ dig @ns1.cdc.gov www.cdc.gov +dnssec ;; ->>HEADER<<-

Re: shouting draft resisters, Parler

2021-01-11 Thread John R. Levine
I think it is reasonably clear this was a reference to the Iroquois Theatre fire where 602 people died. Not at all. The actual quote is The most stringent protection of free speech would not protect a man falsely shouting fire in a theatre and causing a panic. The Iroquois fire was

Re: Don't need someone with clue @ Network Solutions.

2020-12-17 Thread John R. Levine
a czds dl, however, shows: You're right, I checked again. :; zgrep -E ^dns-auth.\.crocker\.com com.txt.gz dns-auth1.crocker.com. 172800 in a 66.59.48.87 dns-auth2.crocker.com. 172800 in a 66.59.48.88 dns-auth3.crocker.com. 172800 in a 66.59.48.94

Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls

2020-03-07 Thread John R. Levine
Most DNS registers avoid verifying customer information as long as the payment clears (for a short time). DKIM (and DNSSEC) is built on top of trusting tokens from third-parties which disclaim all liability. Right. The only promise that DKIM makes is that if you have a stream of mail signed

Re: Chairman Pai Proposes Mandating STIR/SHAKEN To Combat Robocalls (fwd)

2020-03-07 Thread John R. Levine
In article , Christopher Morrow wrote: On Fri, Mar 6, 2020 at 11:05 PM Brian J. Murrell wrote: > So, if my telco can bill the callers for those premium calls, they > surely know who they are, or at least know where they are sending the > bill and getting payment from. You are mistaken,

Re: ICANN extracts $20m signing fee for $1bn dot-com price increases and guess who's going to pay for it?

2020-01-08 Thread John R. Levine
I have no problem paying an extra $3/year for my .com IF every domain speculator must also pay an extra $3 for each of their .coms. Is that what's happening here? Yes. The contract very clearly says that everyone pays the same renewal price to the registry. Regards, John Levine,

Re: power to the internet

2020-01-02 Thread John R. Levine
PS: You also wouldn't believe how cheap the power is. California's prices are high compared to most of the US, but it's still only about €0.15 per KWh. I don't know where you live, but I pay around 38 cents/KWh. Depending on your rate, that can go up to 53 cents/KWh during peak times. 16x is

Re: Gmail email blocking is off the rails (again)

2019-12-04 Thread John R. Levine
Someone up-thread noted that my personal domain is hosted on google groups. I've noticed in the past that the behaviour of gmail.com can be very different from the behaviour of a paid mail domain like mine... Google says that every user's spam filtering is different. It's not just free vs.

Re: Gmail email blocking is off the rails (again)

2019-12-04 Thread John R. Levine
Though I agree that Gmail spam filtering is top grade, or close to be so, it still sends to spam a statistically significant number of emails from IETF and ICANN mailing lists I'm subscribed to. It depends as well on which account I should receive those emails. Yes, that's mostly the DMARC

Re: worse than IPv6 Pain Experiment

2019-10-09 Thread John R. Levine
Can I summarize the current round of objections to my admittedly off-beat proposal (use basically URLs rather than IP addresses in IP packet src/dest) as: We can't do that! It would require changing something! Nope. You can summarize it as "it doesn't scale", which is what has killed

Re: IPv6 on mobile networks, was Update to BCP-38?

2019-10-03 Thread John R. Levine
In article , Stephen Satchell wrote: My AT&T cell phone has both IPv4 and IPv6 addresses. The IPv4 address is from my access point; the IPv6 address appears to be a public address. My AT&T cellphone (via MVNO Tracfone) has a 10/8 IPv4 address and IPv6 address

Re: This DNS over HTTP thing

2019-10-03 Thread John R. Levine
Yes, obviously they are trying multiple levers--but who gets to draw the line, where are they going to draw it, and why do they get to decide for me? What prevents an absurd 'solution' like "We can not only stop child molestation, but rape in general if we just castrate everyone" from being one

Re: IPv6 Pain Experiment

2019-10-02 Thread John R. Levine
On Wed, 2 Oct 2019, Matt Harris wrote: I think ultimately the perception of the work required to deploy IPv6 is a much greater hurdle to IPv6 adoption than the actual work required to deploy IPv6. I'm describing my actual experience, so we'll have to disagree here. Regards, John Levine,

Re: This DNS over HTTP thing

2019-10-01 Thread John R. Levine
I assumed my point was obvious but evidently I overestimated my audience. While it is stupid to assert that the only reason to circumvent DNS filters is to look at child abuse material, it is equally stupid to assert that the only reason to filter is to lie, or to censor. There are plenty of

Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-27 Thread John R. Levine
FYI: SMTP transitioned from A to MX. No, it didn't. A surprising number of real mail hosts only publish an A, and I lost the battle to say that MX shouldn't fall back to . It does. SPF could have been the same except people were impatient and had unrealistic expectations of how

Re: a detour DANE, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-27 Thread John R. Levine
On Thu, 28 Feb 2019, Mark Andrews wrote: Agreed. Additionally it suddenly went from something being done along with an experiment to being “an experiment on can you transition to a new type”. The transition to type99 was well underway. ... No, really, we had numbers. Approximately nobody was

Re: the e-mail of the future is the e-mail oft the past, was Enough port 26 talk...

2019-01-14 Thread John R. Levine
And you won't really have a choice because unless you're willing to go full Ted Kaczynski one in a hundred of those emails will be very, very important to you ... Yeah. E-mail remains the only scheme where the two parties don't have to be introduced first, don't have to be online at the same

Re: SIP fax sending software?

2018-05-30 Thread John R. Levine
You *can* get a fax across a G.711 connection if your throughput, My SIP provider supports T.38. How much difference does that make? Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail.

SIP fax sending software?

2018-05-30 Thread John R. Levine
Can anyone recommend software that sends faxes over SIP? I have plenty of inbound fax to email services, but now and then I need to send a reply and it looks tacky to use one of the free web ones that put an ad on it. I know that if I wanted to pay $15/mo there are lots of lovely services

Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread John R. Levine
I am sure these third world nations have more important things to spend their money on rather than data plans and data devices. Things like food and medicine come to mind... My goodness, aren't we condescending. Since we're talking about Kenya here, a few milliseconds of research reminds us

Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread John R. Levine
In article , Matthew Petach wrote: Your 200mbit/sec link that costs you $300 in hardware is going to cost you $4960/month to actually get IP traffic across, in Nairobi. Yes, that's about $60,000/year. Nonetheless, Safaricom sells entirely usable data plans. A one day 1GB bundle on a

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE

2018-04-02 Thread John R. Levine
This looks like a willy-waving exercise by Cloudflare coming up with the lowest quad-digit IP. They must have known that this would cause routing issues, and now suddenly it's our responsibility to make significant changes to live infrastructures just so they can continue to look clever with the

Re: Blockchain and Networking

2018-01-23 Thread John R. Levine
Tue, Jan 9, 2018 at 1:07 AM, John R. Levine <jo...@iecc.com> wrote: The promise of blockchain is fraud-resistant recordkeeping, database management, AND resource management maintained by a distributed decentralized network which eliminates or reduces the extent to which there are central po

Re: Blockchain and Networking

2018-01-08 Thread John R. Levine
How about validating whether a given AS is an acceptable origin for a set of prefixes? Seems like a problem (route hijacking) that's still been looking for a solution. Lots of BGP routers, RRs, prefix databases are around, maintained and generally online. Current practices are incomplete and for

Re: Anyone else blacklisted this morning by rbl.iprange.net?

2018-01-04 Thread John R. Levine
Alas, these RBLs are often hard-coded into firewalls. Non-sophisticated users just think they have a check box saying "block spam". Fixing those IS hard. I believe there are cases where people have made it hard, but there are limits on how much I believe in protecting people from the

Re: Incoming SMTP in the year 2017 and absence of DKIM (fwd)

2017-12-02 Thread John R. Levine
In article <6134b4a7-9da8-2935-e9f6-e4374b3fd...@spamtrap.tnetconsulting.net>, Grant Taylor via NANOG wrote: https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/ The only way that I can think of is for the originating mail server to DKIM sign the

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread John R. Levine
Yeah, that's what ARC is intended to do. Hum. My understanding of ARC is that it's a way for a server to assert things about what it received. - Where as my interpretation of what we were discussing is the sender authorizing intermediary MTAs to send the message. The former is after the

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread John R. Levine
It's a one way correlation. If the rDNS is busted, you can be pretty sure you don't want the mail. If the rDNS is OK, you need more clues. Pretty sure, but far from certain. Even this one-way correlation is rather tenuous. It’s mostly harmless because everyone knows that mail servers are

Re: IoT security, was Krebs on Security booted off Akamai network

2016-10-09 Thread John R. Levine
On Sun, 9 Oct 2016, Florian Weimer wrote: If we want to make consumers to make informed decisions, they need to learn how things work up to a certain level. And then current technology already works. I think it's fair to say that security through consumer education has been a failure every

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread John R. Levine
This is where device profiles could help. If enough devices register profiles with the local router, at some point the router's default could be closed, so devices with no profile can't talk to the outside. That would be nice, but a manufacturer who can't be bothered to take even the most

Re: Legislative proposal sent to my Congressman

2016-10-03 Thread John R. Levine
This is where device profiles could help. If enough devices register profiles with the local router, at some point the router's default could be closed, so devices with no profile can't talk to the outside. Are you thinking of MUD ( https://datatracker.ietf.org/doc/draft-ietf-opsawg-mud/)

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-26 Thread John R. Levine
Therein lies the problem if the traffic does not look anomalous I suppose. But even if it does look unusual, ISPs would be asking consumers to trash/update/turn off a lot of devices in time – like when every home has 10s or 100s of these devices. ISP: Dear customer, looks like one of your

Re: Request for comment -- BCP38

2016-09-26 Thread John R. Levine
If we're talking about networks with that kind of MRC, is it really that far of a stretch to require PI space for this? Then again: If we're talking about that kind of MRC, then I'm assuming ISP A can be coaxed to allow explicit and well-defined exceptions on the customer's links. Yes. A)

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John R. Levine
It’s safe to ignore the silent minority that cannot really tell what is happening in most cases, but that doesn’t mean it “works” for any standard I would consider valid. Huh. So you're saying Bill Woodcock doesn't have the skills to see how his traffic is failing? Regards, John Levine,

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

2016-09-25 Thread John R. Levine
https://www.internetsociety.org/sites/default/files/01_5.pdf The attack is triggered by a few spoofs somewhere in the world. It is not feasible to stop this. That paper is about reflection attacks. From what I've read, this was not a reflection attack. The IoT devices are infected with

Re: phone fun, was GeoIP database issues and the real world consequences

2016-04-15 Thread John R. Levine
So maybe 10% of all cell phones are primarily used in the "wrong" area? Out of curiosity, does anyone have a good pointer to the history of how / why US mobile ended up in the same numbering plan as fixed-line? The US and most of the rest of North America have a fixed length numbering plan

Re: phone fun, was GeoIP database issues and the real world consequences

2016-04-14 Thread John R. Levine
Since then, I’ve been pretty much satisfied with my service from callcentric and the price is right. That's who I use. Now there's just a box on the web site to say not in the US. R's, John

Re: phone fun, was GeoIP database issues and the real world consequences

2016-04-13 Thread John R. Levine
NANP geographical numbers can be located to a switch (give or take number portability within a LATA), but non-geographic numbers can really go anywhere. On the third hand, it's still true that the large majority of them are in the U.S. Would you agree that 408-921 is a geographic number? No.

Re: finding whois servers, was .pro whois registry down?

2016-03-10 Thread John R. Levine
- a link from that top-level page to the whole list, in regex-aware, whois.conf-compatible format What uses whois.conf? Not the whois on my FreeBSD or Mac. Or you can just use this shell script: #!/bin/bash WHOISHOST=${1##*.}.ws.sp.am exec whois -h $WHOISHOST $* R's, John

Re: finding whois servers, was .pro whois registry down?

2016-03-10 Thread John R. Levine
I've set up .ws.sp.am (that's ws for Whois Server) which is updated every day from a variety of sources so it's pretty accurate. It's had the right server for pro.ws.sp.am all along. Hey, that's fantastic! Feature request: could you provide a human- and machine-readable one-stop extract at

Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread John R. Levine
Given that a lot of these updates are happening in the background without any interaction with the users maybe for your customers, but not so true for our user base or others with which i have experience. wise folk want control of patching. and it's not only IT departments, but end users.

Re: DNSSEC and ISPs faking DNS responses

2015-11-13 Thread John R. Levine
At this point very few client resolvers check DNSSEC, so something that stripped off all the DNSSEC stuff and inserted lies where required would "work" for most clients. At least until they realized they couldn't get to PokerStars and switched their DNS to 8.8.8.8. If the ISPs don’t start

Fw: new message

2015-10-26 Thread John R . Levine
Hey! New message, please read <http://livingnspired.com/chapter.php?77h> John R. Levine

Fw: new message

2015-10-25 Thread John R . Levine
Hey! New message, please read <http://moverdubai.net/heart.php?r> John R. Levine

Re: Can't reach RIPE WHOIS via IPv6 ?

2015-09-10 Thread John R. Levine
When I try to contact whois.ripe.net (2001:67c:2e8:22::c100:687) or their REST server rest.db.ripe.net (2001:67c:2e8:22::c100:68e), it times out. Traceroutes from a couple of different places all seem to loop in Amsterdam, IPv4 is fine. Am I special, or is it just broken? I guess I was

Re: Dual stack IPv6 for IPv4 depletion

2015-07-15 Thread John R. Levine
Are you really equating an incremental silent update to remove something between one if statement or slightly more and an entire protocol stack that when active fundamentally changes the host networking behavior? Yeah. On the devices I have, there's no practical difference between a one line

Re: Dual stack IPv6 for IPv4 depletion

2015-07-15 Thread John R. Levine
It would be nice if it were possible to implement BCP 38 in IPv6, since this is the reason it isn't in IPv4. There isn't any technical reason that an organization can't fix its edge so it doesn't urinate bad IPv6 traffic all over the Internet. In IPv4 systems, the problem is (so I have been

Re: Dual stack IPv6 for IPv4 depletion

2015-07-14 Thread John R. Levine
We're talking about end user assignments made by ISPs, not ISP assignments. An ISP's /32 is likely the only entry one needs in the FIB. In that case, why should anyone care how the ISP assigns space to its customers? R's, John

RE: Dual stack IPv6 for IPv4 depletion

2015-07-14 Thread John R. Levine
What about dual-homed customers? Or are they all expected to have their own PI space? This is IPv6. Why shouldn't they have their own PI space? R's, John

Re: gmail security is a joke

2015-05-27 Thread John R. Levine
The OP was correct, if they can send you your cleartext password then their security practices are inadequate, period. Unless I misunderstand what you're saying (I sort of hope I do) this is Security 101. As I've said a couple of times already, but perhaps without the capital letters, from a

Re: gmail security is a joke

2015-05-26 Thread John R. Levine
I get what you are saying but my point was more about lack of crypto or reversible crypto than stealing the account. I am all in favor of using crypto when it improves security. But I am also in favor of not obsessing about it in places where it makes no difference. I like what Owen is

Re: gmail security is a joke

2015-05-26 Thread John R. Levine
If they can e-mail you your existing password (*cough*Netgear*cough*), it means they are storing your credentials in the database un-encrypted. What I had in mind was creating a new password and mailing you that. R's, John

RE: Thousands of hosts on a gigabit LAN, maybe not

2015-05-10 Thread John R. Levine
Also, do you need line rate forwarding? Having 1,000 devices with 1Gb uplinks doesn't necessarily mean that full throughput is required... the clustering and the applications may be sporadic and bursty? It's definitely sporadic and bursty. There's another network for high speed traffic among

RE: Thousands of hosts on a gigabit LAN, maybe not

2015-05-08 Thread John R. Levine
off topic The first thing that came to mind was Bitcoin farm! then Ask Bitmaintech and then I'd be more worried about the number of fans and A/C units. /off topic I promise, no bitcoins involved. R's, John

Re: Fixing Google geolocation screwups

2015-04-07 Thread John R. Levine
https://support.google.com/websearch/answer/873?hl=en He says he sent in the IP update three weeks ago, nothing happened. Any other suggestions? On 7 April 2015 at 23:26, John Levine jo...@iecc.com wrote: A friend of mine lives in Alabama and has business service from att. But Google

Re: BGP offloading (fixing legacy router BGP scalability issues)

2015-04-06 Thread John R. Levine
http://www.americanbar.org/newsletter/publications/gp_solo_magazine_home/gp_solo_magazine_index/civilliability.html Nothing there about ISP liability other than noting the third-party immunity from the CDA.

Re: BGP offloading (fixing legacy router BGP scalability issues)

2015-04-06 Thread John R. Levine
Please provide legal citations. ignore a dmca takedown request, see what happens. I know people who have ignored lots of DMCA notices. Of course, it was pretty clear that the notices were bogus. R's, John

Re: content regulation, was Verizon Policy Statement on Net Neutrality

2015-03-01 Thread John R. Levine
As I said above, retail customers. Business customers get static IPs and generaly no blocking. Business customers only get static from Comcast if they pay extra for it. I'm in a T-W area, haven't checked Comcast's prices lately. But if you don't have a static IP, it's a poor idea to try

Re: content regulation, was Verizon Policy Statement on Net Neutrality

2015-03-01 Thread John R. Levine
Well, actually, it does. Every broadband network in the US currently blocks outgoing port 25 connections from retail customers. Unfortunately, that's not entirely true. (Very) recent direct-to-MX spam from Comcast customers: Well, it's supposed to be blocked, according to people I've talked

Re: content regulation, was Verizon Policy Statement on Net Neutrality

2015-02-28 Thread John R. Levine
With the legal content rule, I expect some bottom feeding bulk mailers to sue claiming that their CAN SPAM compliant spam is legal, therefore the providers can't block it. How would this legal environment be any different than the pre-Verizon network neutrality rules for network management of

Re: content regulation, was Verizon Policy Statement on Net Neutrality

2015-02-28 Thread John R. Levine
So long as the broadband service provider's e-mail filtering is performed only on their e-mail server and does not involve blocking IP traffic on consumers' connections. Well, actually, it does. Every broadband network in the US currently blocks outgoing port 25 connections from retail

Re: HTTPS redirects to HTTP for monitoring

2015-01-18 Thread John R. Levine
I expect your users would fire you when they found you'd blocked access to Google. And they would sue you for gross negligence for decrypting their ssn when access company payroll and cpni data May I suggest that playing Junior Lawyer on nanog rarely turns out well. These filter boxes are

Re: whois server features

2015-01-07 Thread John R. Levine
ARIN, APNIC, and RIPE have prototypes already that are a lot easier to script than the text WHOIS. Meaning the data structure is in place or they have a RDAP service up? Both. ARIN's and RIPE's are based on early versions so the URLs and JSON aren't quite what RDAP says they should be yet.

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

2014-12-16 Thread John R. Levine
I just wish Wifi calling was ubiquitous. isn't it in every android phone since ~1yr ago? Yes, but it works poorly when walking the dog. R's, John

Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

2014-12-15 Thread John R. Levine
Although this might not apply to you in the US, anyone else thinking about trying this might want to check up on possible legal backlash from using one of these devices. I know you can't legally use one of these in Dubai. These are sold by the carriers and are completely legal here. On 16

Re: Transparent hijacking of SMTP submission...

2014-12-03 Thread John R. Levine
There’s a big difference between illegal and civil liability for breach of contract. If I am paying someone for access to the internet, then I expect them not to modify, alter, rewrite, or otherwise interfere with my packets. If they do so, they may not have violated 47 USC 230, but they have

Re: autoresponding to Yahoo DMARC breakage

2014-04-09 Thread John R. Levine
The most sane out-of-mind response should only be sent *if* the out-of-mind person is named explicitly as a recipient in the RFC822 To: header. Anything To: somelist@somehost does not qualify :) This highly effective trick was in the procmail example vacation script in 1991, and doubtless

Re: hack #2 for Yahoo DMARC breakage

2014-04-09 Thread John R. Levine
2: introduce an Original Authentication Results header to indicate you have performed the authentication and you are validating it This was someone's hack that doesn't work. The idea is that you make an RFC5451 Authentication-Results header for the incoming message, change the name to

Re: autoresponding to Yahoo DMARC breakage

2014-04-09 Thread John R. Levine
This highly effective trick was in the procmail example vacation script in 1991, and doubtless goes back much farther than that. It's a little dismaying to hear that there are still people writing autoresponders who don't know about it. what is procmail? The scriptable mail delivery agent

Re: autoresponding to Yahoo DMARC breakage

2014-04-09 Thread John R. Levine
On Wed, Apr 9, 2014 at 6:11 PM, bmann...@vacation.karoshi.com wrote: and just how is an algorithm supposed to detect that jeff-k...@utc.edu is a single human and not a list? If the autoresponder is sane, it looks for: List-Id: North American Network Operators Group

Re: procmail, was autoresponding to Yahoo DMARC breakage

2014-04-09 Thread John R. Levine
On 4/9/2014 5:45 PM, George Michaelson wrote: procmail is a rewrite of MMDF mailfilter. badly. Thanks, but I believe it slightly preceded MMDF's equivalent facility. On the average, Allman put comparable features into sendmail sooner than I did. Procmail's user interface, if you can call it

Can I borrow some MTA address traces?

2014-03-30 Thread John R. Levine
As noted about a zillion messages ago, one of the concerns about IPv6 mail is whether DNSBLs will be workable, with one of the questions being whether the lookups will blow away DNS caches. As far as I can tell, there is basically no research on DNS cache behavior other than a few very old

Re: e-postage still doesn't work, why IPv6 isn't ready for prime time, SMTP edition

2014-03-30 Thread John R. Levine
Contrary to the commonly held belief that this is fundamentally impossible, we propose several solutions that do achieve a reasonable level of double spending prevention Yes, that's Bitcoin's claim to fame. Perhaps the number of zeroes doesn't make a difference; but solving the double

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-29 Thread John R. Levine
Don't forget Vanquish was a complete failure, so why would this be any different? and do I want Phil Raymond to sue me for violating the patent on this exact scheme? That was a specific reply by me to a specific suggestion of a mechanism refunding e-postage to the sender if one wanted an

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-29 Thread John R. Levine
The numbers you list in your argument against a micropayment system being able to function are a fraction of the number of transactions Facebook deals with in updating newsfeeds for the billion+ users on their system.[0] ... which is completely irrelevant because they don't have a double
