On Mon, Oct 18, 2021 at 11:22 AM Dave Crocker via mailop <mailop@mailop.org> wrote:
>
> On 10/18/2021 10:56 AM, Brandon Long wrote:
> >
> > On Sat, Oct 16, 2021 at 2:35 PM Dave Crocker via mailop
> > <mailop@mailop.org> wrote:
> > >
> > > On 10/15/2021 5:40 PM, Grant Taylor via mailop wrote:
> > > > The motivation for spreading service IPs across different /24
> > > > prefixes is so that if
> > >
> > > The issue here is not the generic one of using multiple IPs. It is
> > > about using them to separate IMAP from SMTP. That's an entirely
> > > different matter.
> > >
> > > To the extent that anyone claims that there is a reputation-related
> > > reason for this kind of separate, for this kind of service
> > > distinction, they need to provide substantial detail that makes the
> > > validity of the reason crystal clear.
> >
> > I have not seen it specifically for IMAP and SMTP, but I have seen it
> > for SMTP and HTTP.
>
> Indeed. Both of those get into the reputation game (and do need to.)
>
> IMAP is used with an internal login. Separate reputation analysis, in
> the style of an abuse filtering engine, doesn't make sense to me.
>
> > Specifically, I've seen people block http(s) access to an A record
> > based on a hostname pointed at it being advertised in spam or if the
> > smtp server and web server are shared, i.e. they don't block by port
> > instead, they use a broad block in both directions.
>
> Sure, if a bad actor -- who doesn't have to log in - connects to a
> service, it makes sense to accumulate whatever reputation of them you
> can, across services.
>
> But as soon as the system connecting has to privately register with you,
> for on-going access, I'd expect that to involve a /very/ different
> assessment engine, since there is more and persistent knowledge about
> them.
>
> I suppose that knowing the connect from an address that is problematic
> might be interesting, but, well... sigh.
>

Right, if spam is being sent from compromised hosts, the hosts could be
used for other things like password/hijacking attacks against IMAP... but
then, your smtp server has a lot of other problems already at that
point.... though, you could also be blocking your customers' infected
desktops.

Anyways, I stand by that there is unlikely to be overlap between people
blocking your smtp server and your customers accessing your imap
server... you'd have to suppose a block list that for the former being
used by your customers or someone between them and your imap server.... or
your imap server using such a blocklist without whitelisting itself, I
guess.

Brandon
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop