On Mon 27/Dec/2021 17:50:11 +0100 yuv wrote:
The first thing to make internet email viable for the future is to establish a defensible perimeter and keep bad actors out. Easier said than done. The problem does not affect email only. It affects anything internet. Lacking a proper perimeter, my network is my perimeter and the default rule at my router is nothing in, nothing out, until an exception is added. I am not there yet, but nearly. Maintaining lists of allowed IP addresses is not as difficult as it sounds. There will be pain along the way, but if service providers are not able to federate around clear rules to establish a defensible perimeter and keep out the bad actors, I have no other choices. Enough is enough. It is time to make operators liable for what emanates from their IP addresses, and until that liability is in place, filter them out, cost what it cost.
Yeah, we inevitably fall back to IP address lists. Perhaps not so much because it's easier to outline a perimeter using numbers than names, but because it's rather immediate to operate on the former. A set of good names would sound like a meaningful friendly region, immune from changes of ISP.
OTOH, if it were possible to ascribe each nastiness to its actual culprit, we'd still need a policy to treat them effectively. IME, banning for a period, à la fail2ban, requires too much looking after exceptions. But allowing to each individual to run a million-email spam act even just once in a lifetime is obviously too much. I don't think a military approach would do much better.
Best Ale -- _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
