Re: [mailop] Old subject, awareness, given recent Microsoft disclosure.. blocking port 25 from dynamic/DUL networks
on Fri, Jul 09, 2021 at 09:25:57AM +0200, Hans-Martin Mosner via mailop wrote: > IMHP that's the wrong approach. The question isn't whether IP > addresses are dynamically or statically assigned, but whether it is > possible with reasonable effort to find an entity that is responsible > for SMTP traffic coming from an IP address. It doesn't matter whether > the IP address has no pointer, has "dynamicip" or "staticip" or one of > the various anonymous cloud hosting domain names in it. I can assure you that the approach is valid. I don't know of anyone who still accepts mail from hosts without a PTR, period. And I do know for certain that many find distinguishing between generic, static, and dynamic (as well as several other classifications, such as shared or dedicated webhosts, residential university networks, NATs, etc.) extremely useful in the context of not just inbound SMTP but also a variety of other contexts where the nature of the source matters. Correlations are useful. Now, you're right in thinking that reaching a responsible party is an important aspect of making manual decisions as to who to block; with the devastation that is WHOIS and the GDRP that has become well-nigh impossible in many, if not most, cases, and the proliferation of idiocy that is the failure to provide a working abuse@ address for every domain and replacing them with alternates or even jump-through-hoops Web forms for reporting abuse isn't helping. It's a lot easier to set policy based on your tolerance for static/dynamic/generic/etc. and let the MTA or filter make the decisions for you using a dataset based on classified naming conventions. Why should that be any different than how you might use SPF or DKIM/DMARC? YMMV, your server, your rules. But I wouldn't have been able to collect and classify almost 275K naming patterns over the past 18 years, with a coverage of ~97% of the IPv4 PTR namespace, if someone didn't find the dataset valuable... Steve -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/ Internet security and antispam hostname intelligence: http://enemieslist.com/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Old subject, awareness, given recent Microsoft disclosure.. blocking port 25 from dynamic/DUL networks
Am 09.07.21 um 00:20 schrieb Steven Champeon via mailop: > on Thu, Jul 08, 2021 at 02:28:13PM -0700, Michael Peddemors via mailop wrote: >> Ex. 1.186.104.104x1 1.186.104.104.dvois.com > Even better still dvois.com uses the same naming for dynamics and > statics. At least they only have the couple - though they also use > static.dvois.com right anchored PTR naming, they don't ALWAYS, so it's a > risk to just assume. I've dealt with Indian ISPs with hundreds, if not > thousands of naming "conventions". The old vsnl and bsnl were awful. > >> Time to brush off M3AAWG best practices.. listing what ports do not >> need to be open on dynamic IP home style networks.. > That's just it - you can't assume dynamic with dvois.com, and many more. > I have at least 136 patterns that I had to throw my hands up and call > "mixed" because they either lie, don't distinguish, or are so > incompetent they can't be bothered to not hand out statics with 'dyn' > token labels, and vice versa (eg., rima-tde). Much of Brazil is simply > generic, stuff like 1-2-3-4.example.net.br. We tend to assume generic == > dynamic, especially when they've got tiny allocations, but shrug. > > Steve > IMHP that's the wrong approach. The question isn't whether IP addresses are dynamically or statically assigned, but whether it is possible with reasonable effort to find an entity that is responsible for SMTP traffic coming from an IP address. It doesn't matter whether the IP address has no pointer, has "dynamicip" or "staticip" or one of the various anonymous cloud hosting domain names in it. You might want to make individual exceptions for IPs that you know are associated with fixed domains (for example, when SPF records indicate that the IP is being used by that domain and you trust the domain itself), but as a general rule, clients accessing port 25 should have non-generic PTR entries. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Old subject, awareness, given recent Microsoft disclosure.. blocking port 25 from dynamic/DUL networks
on Thu, Jul 08, 2021 at 02:28:13PM -0700, Michael Peddemors via mailop wrote: > Ex. 1.186.104.104 x1 1.186.104.104.dvois.com Even better still dvois.com uses the same naming for dynamics and statics. At least they only have the couple - though they also use static.dvois.com right anchored PTR naming, they don't ALWAYS, so it's a risk to just assume. I've dealt with Indian ISPs with hundreds, if not thousands of naming "conventions". The old vsnl and bsnl were awful. > Time to brush off M3AAWG best practices.. listing what ports do not > need to be open on dynamic IP home style networks.. That's just it - you can't assume dynamic with dvois.com, and many more. I have at least 136 patterns that I had to throw my hands up and call "mixed" because they either lie, don't distinguish, or are so incompetent they can't be bothered to not hand out statics with 'dyn' token labels, and vice versa (eg., rima-tde). Much of Brazil is simply generic, stuff like 1-2-3-4.example.net.br. We tend to assume generic == dynamic, especially when they've got tiny allocations, but shrug. Steve -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/ Internet security and antispam hostname intelligence: http://enemieslist.com/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
