
RE: spamcop



On Wednesday, September 20, 2006 5:48 PM -0500, John Kelly wrote:

> On Wed, 20 Sep 2006 18:01:38 -0500, "Seth Goodman"
> <sethg@GoodmanAssociates.com> wrote:
>
> > > require matching DNS, forward and reverse

<...>

> > some large servers won't use it.
>
> I don't know of any.  But if there really are some sending
> legitimate mail, I would be interested in collaborating to maintain
> a whitelist of them.  Need to be LARGE though, to be worthwhile.

This is large system receiving policy, not the large system
configuration.  All the large senders I know about have properly
configured DNS.  There are far too many small MTAs with misconfigured
DNS, however, for a large MTA to ban without a steady stream of customer
complaints.  You seem aware of this problem in your later post:


On Thursday, September 21, 2006 9:53 AM -0500, John Kelly wrote:

> The improper DNS false positive rate is low, less than 2%.  Admins
> must accept some collateral damage, if they expect to win the war.

It's a pity, but very few people think in terms of winning the spam war
anymore.  Most systems would consider this false positive rate unusable
by a large margin.  The larger the provider, the less workable this
solution.  While I would love to have this be an absolute requirement
for SMTP, there are too many incompetently administered systems from
which you must accept mail, and large parts of the developing world do
not routinely delegate rDNS.  This is a nasty problem that won't go away
quickly.


> There is resistance to this idea, because some admins fear losing
> any legit mail.  But given that the false positive rate is low, it
> should be feasible to develop and maintain a whitelist of
> legitimate mail servers lacking proper DNS.  I'm not volunteering,
> but it's an idea that has merit.

This works fine for small systems but doesn't scale.  Admins can't be
bothered whitelisting everyone's one or two correspondents with broken
DNS, and almost everyone has some, even in the developed world.
Customers will not tolerate _their_ correspondents' mail being blocked
when those systems are not abusing any networks.


> The list may also urge offending admins to set up proper DNS, like
> when newspapers publish a shame list of people who have not paid
> their property tax.

We already have rfc-ignorant and it is widely ignored.  The only people
who care are the ones who would never get on that list in the first
place.

--
Seth Goodman
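
The receiving policy debated in this thread (require matching forward and reverse DNS, with a whitelist for legitimate servers lacking proper DNS), sketched as an added example that is not part of the original message. The function names, verdict strings, and sample addresses are assumptions constructed for illustration; the lookups are injectable so the sample runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; [] when no rDNS exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(host):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def fcrdns_verdict(ip, whitelist=(), ptr=system_ptr, forward=system_forward):
    """Accept only if some PTR name of `ip` resolves back to `ip`."""
    addr = ipaddress.ip_address(ip)
    # Whitelisted networks bypass the DNS requirement entirely.
    if any(addr in ipaddress.ip_network(net) for net in whitelist):
        return "accept-whitelisted"
    names = ptr(ip)
    if not names:
        return "reject-no-ptr"
    for name in names:
        for candidate in forward(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    return "accept"
            except ValueError:  # scoped or malformed address string
                continue
    return "reject-mismatch"

# Constructed sample data (documentation address ranges), not real hosts.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com"],
              "198.51.100.7": ["host7.example.net"]}
SAMPLE_A = {"mail.example.com": {"192.0.2.10"},
            "host7.example.net": {"198.51.100.99"}}  # forward does not match
SAMPLE_WHITELIST = ["203.0.113.25/32"]  # known-good sender with no rDNS

def classify_samples():
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.25", "203.0.113.26"]
    return {ip: fcrdns_verdict(ip, SAMPLE_WHITELIST,
                               ptr=lambda i: SAMPLE_PTR.get(i, []),
                               forward=lambda h: SAMPLE_A.get(h, set()))
            for ip in ips}
```

Logging the two reject verdicts separately before enforcing them gives a per-site measure of the false positive rate the thread argues about.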


