Re: Messages in junk/spam box
On 02/22/2010 12:11 AM, Tarig Y. Adam wrote: Hi Messages we send from our mail sever always received at SPAM box in many Public Mail servers like hotmail, yahoo, and gmail. We made a revers dns lookup, and there is no spamming from our server, still messages go to junk. how to solve this. i would consider setting SPF records for your domains mailservers. cheers, raoul -- DI (FH) Raoul Bhatia M.Sc. email. r.bha...@ipax.at Technischer Leiter IPAX - Aloy Bhatia Hava OG web. http://www.ipax.at Barawitzkagasse 10/2/2/11 email.off...@ipax.at 1190 Wien tel. +43 1 3670030 FN 277995t HG Wien fax.+43 1 3670030 15
Re: Messages in junk/spam box
On 2/22/2010 4:09 AM, Raoul Bhatia [IPAX] wrote: On 02/22/2010 12:11 AM, Tarig Y. Adam wrote: Hi Messages we send from our mail sever always received at SPAM box in many Public Mail servers like hotmail, yahoo, and gmail. We made a revers dns lookup, and there is no spamming from our server, still messages go to junk. how to solve this. i would consider setting SPF records for your domains mailservers. Seems obvious to me. Stop send stuff earmarked as junk. NANAE is probably a better place to whine.
Re: Looking Glass software - what's the current state of the art?
On 2/21/10 7:41 PM, Joel M Snyder wrote: We are migrating our web server from platform A to mutually incompatible platform B and as a result the 7-year-old DCL script I wrote that does Looking Glass for us needs to be replaced. (from my comments, looks like I stole the idea from e...@digex.net...) I'm guessing that someone else has done a better job and I should be just downloading and using an open source tool. What's the current thinking on a good standalone Looking Glass that can be opened to the Internet-at-large? jms If you want to try other Looking Glass sources, I've listed a few of the more recent implementations here: http://www.traceroute.org/#source%20code HTH, Thomas
DNS server software
Hello all, We are a mid-sized carrier (1.2M broadband subscribers) and we are looking for an upgrade in our public DNS resolver infrastructure, so we are interested in getting to know what are you guys using in your networks. Mainly what kind/brand of software and which architecture did you use to deploy it, and how did you do the sizing, all of it would be most helpful information. Many thanks in advance for your advice! cl.
Chuck Norris Botnet and Broadband Routers
Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news. Original Czech: http://praguemonitor.com/2010/02/16/czech-experts-uncover-global-virus-network English: http://www.pcworld.com/businesscenter/article/189868/chuck_norris_botnet_karatechops_routers_hard.html When I raised this issue before in 2007 on NANOG, some other vetted mailing lists and on CircleID, the consensus was that the vendors will not change their position on default settings unless something happens, I guess this is it, but I am not optimistic on seeing activity from vendors on this now, either. CircleID story 1: http://www.circleid.com/posts/broadband_routers_botnets/ CircleID story 2: http://www.circleid.com/posts/broadband_router_insecurity/ The spread of insecure broadband modems (DSL and Cable) is extremely wide-spread, with numerous ISPs, large and small, whose entire (read significant portions of) broadband population is vulnerable. In tests Prof. Randy Vaughn and I conducted with some ISPs in 2007-8 the results have not been promising. Further, many of these devices world wide serve as infection mechanisms for the computers behind them, with hijacked DNS that points end-users to malicious web sites. On the ISPs end, much like in the early days of botnets, many service providers did not see these devices as their responsibility -- even though in many cases they are the providers of the systems, and these posed a potential DDoS threat to their networks. As a mind-set, operationally taking responsibility for devices located at the homes of end users made no sense, and therefore the stance ISPs took on this issue was understandable, if irresponsible. As we can't rely on the vendors, ISPs should step up, and at the very least ensure that devices they provide to their end users are properly set up (a significant number of iSPs already pre-configure them for support purposes). The Czech researchers have done a good job and I'd like to thank them for sharing their research with us. In this article by Robert McMillan, some details are shared in English: -- Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic. The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: in nome di Chuck Norris, which means in the name of Chuck Norris. Norris is a U.S. actor best known for his martial arts films such as The Way of the Dragon and Missing in Action. Security experts say that various types of botnets have infected millions of computers worldwide to date, but Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs. It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access. It also exploits a known vulnerability in D-Link Systems devices, Vykopal said in an e-mail interview. A D-Link spokesman said he was not aware of the botnet, and the company did not immediately have any comment on the issue. Like an earlier router-infecting botnet called Psyb0t, Chuck Norris can infect an MIPS-based device running the Linux operating system if its administration interface has a weak username and password, he said. This MIPS/Linux combination is widely used in routers and DSL modems, but the botnet also attacks satellite TV receivers. -- Read more here: http://www.pcworld.com/businesscenter/article/189868/chuck_norris_botnet_karatechops_routers_hard.html I will post updates on this as I discover them on my blog, under this same post, here: http://gadievron.blogspot.com/2010/02/chuck-norris-botnet-and-broadband.html Gadi.
Re: DNS server software
Claudio Lapidus (clapidus) writes: Hello all, We are a mid-sized carrier (1.2M broadband subscribers) and we are looking for an upgrade in our public DNS resolver infrastructure, so we are interested in getting to know what are you guys using in your networks. Mainly what kind/brand of software and which architecture did you use to deploy it, and how did you do the sizing, all of it would be most helpful information. You'd probably want to start taking a look at unbound: http://unbound.net/ It's open source, and actively maintained by NLNetLabs. Setup properly on a decent OS and anycasted, it performs extremely well - better than some commercial solutions. PowerDNS also has an open source solution (www.powerdns.com). PowerDNS is easily modified with custom backends (using a simple pipe interface). Then there are solutions from Nominum if you want to pay yourself out the question, as well as products from Infoblox (they are more targeted towards corporate DNS, but have recently introduced what they claim to be ISP class resolvers). There's also Secure64, which I haven't tested but some people are very happy with it. All of the above support DNSSEC. Sizing considerations will depend on your network topology, how many customers / PoP, etc... You may want to ask the dns operations list (https://lists.dns-oarc.net/mailman/listinfo/dns-operations) for advice, but please wait until you've collected a bit more data on which solution you'd consider, and it's usually not very useful to ask is vendor solution X better than Y. Cheers, Phil
Email Portability Approved by Knesset Committee
The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free email account, many in Israel still make use of their ISP's email service. According to this proposed bill, when a client transfers to a different ISP the email address will optionally be his to take along, just like mobile providers do today with phone numbers. This new legislation makes little technological sense, and will certainly be a mess to handle operationally as well as beurocratically, but it certainly is interesting, and at least the notion is beautiful. The proposed bill can be found here [Doc, Hebrew]: http://my.ynet.co.il/pic/computers/22022010/mail.doc Linked to from this ynet (leading Israeli news site) story, here: http://www.ynet.co.il/articles/0,7340,L-3852744,00.html I will update this as things evolve on my blog, here: http://gadievron.blogspot.com/ Gadi.
Re: Chuck Norris Botnet and Broadband Routers
On Mon, 2010-02-22 at 16:21 +0200, Gadi Evron wrote: Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news. What makes this any different than psyb0t, which was discovered in the wild last year? William
Re: Chuck Norris Botnet and Broadband Routers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Feb 22, 2010 at 7:17 AM, William Pitcock neno...@systeminplace.net wrote: On Mon, 2010-02-22 at 16:21 +0200, Gadi Evron wrote: Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news. What makes this any different than psyb0t, which was discovered in the wild last year? Nothing. Good point. :-) - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFLgqQKq1pz9mNUZTMRAsH7AKDoL9/RLSDAslAcJtHDnPk7iiVoawCffSgq gMZWi47oFDmp595zfX/HZ9U= =6FLZ -END PGP SIGNATURE- -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Re: Chuck Norris Botnet and Broadband Routers
Hi, team. William Pitcock wrote: On Mon, 2010-02-22 at 16:21 +0200, Gadi Evron wrote: Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news. What makes this any different than psyb0t, which was discovered in the wild last year? Or Coldlife aka Coldbot, which dates back to circa 2004 (at least)? It came bundled with a list of 2K+ compromised routers. Secure your routers, folks! This includes D-Link, Juniper, and Cisco. They're all targets, and regularly exploited. Juniper: SSH brute force, some telnet (ugh!) brute force. Cisco: telnet and SSH brute force, some old web bugs. http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml http://www.cymru.com/Documents/secure-ios-template.html http://www.cymru.com/gillsr/documents/junos-template.pdf Updates and suggestions welcome! Compromised routers are useful for DoS, sure, but more useful as proxies and IRC bounces. Remember the first big wave of DNS amplification attacks against Stormpay, et al.? That same perp built a large overlay network of tunnels between compromised routers (most of which spoke eBGP). Concerned that your routers might be compromised? Send us a note at team-cy...@cymru.com and we'll let you know what we've seen. We'll need your ASN(s) or CIDR block(s). Thanks, Rob. -- Rob Thomas Team Cymru https://www.team-cymru.org/ ASSERT(coffee != empty);
Re: Chuck Norris Botnet and Broadband Routers
On 2/22/10 5:17 PM, William Pitcock wrote: On Mon, 2010-02-22 at 16:21 +0200, Gadi Evron wrote: Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news. What makes this any different than psyb0t, which was discovered in the wild last year? Absolutely nothing. I think it is mentioned in the PC World story though. Thanks for bringing it up. Gadi. William
Re: Email Portability Approved by Knesset Committee
On Mon, Feb 22, 2010 at 10:09 AM, Gadi Evron g...@linuxbox.org wrote: The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free email account, many in Israel still make use of their ISP's email service. According to this proposed bill, when a client transfers to a different ISP the email address will optionally be his to take along, just like mobile providers do today with phone numbers. This new legislation makes little technological sense, and will certainly be a mess to handle operationally as well as beurocratically, but it certainly is interesting, and at least the notion is beautiful. The proposed bill can be found here [Doc, Hebrew]: http://my.ynet.co.il/pic/computers/22022010/mail.doc Linked to from this ynet (leading Israeli news site) story, here: http://www.ynet.co.il/articles/0,7340,L-3852744,00.html I will update this as things evolve on my blog, here: http://gadievron.blogspot.com/ Gadi. Why does this seem like a really bad idea? -james
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010, James Jones wrote: Why does this seem like a really bad idea? While I think the principal is noble there are operational problems: 1) Large and increasing quantity of email will be forwarded between Israeli ISPs, loading their networks with traffic that could have been avoided. 2) Every time someone changes ISP and wants to continue using this address they will need to notify their original ISP, who they may not have had a business relationship with for many years. This will be a significant operational challenge I expect. How do you confirm the person notifying you is the real owner of the address, for example? IMHO it would have been better to require the ISPs to forward the email for a reasonable period of time (say 3 months) to allow the user to make relevant notifications (or just stop using an ISP bound email address). Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Cheers, Rob -- Email: rob...@timetraveller.org IRC: Solver Web: http://www.practicalsysadmin.com I tried to change the world but they had a no-return policy
Re: Email Portability Approved by Knesset Committee
On Feb 22, 2010, at 11:24 AM, Robert Brockway wrote: On Mon, 22 Feb 2010, James Jones wrote: Why does this seem like a really bad idea? While I think the principal is noble there are operational problems: 1) Large and increasing quantity of email will be forwarded between Israeli ISPs, loading their networks with traffic that could have been avoided. 2) Every time someone changes ISP and wants to continue using this address they will need to notify their original ISP, who they may not have had a business relationship with for many years. This will be a significant operational challenge I expect. How do you confirm the person notifying you is the real owner of the address, for example? IMHO it would have been better to require the ISPs to forward the email for a reasonable period of time (say 3 months) to allow the user to make relevant notifications (or just stop using an ISP bound email address). Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Bring back the MB or MR DNS records? (Only half a smiley.) --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Email Portability Approved by Knesset Committee
I am sure the various carriers faced with the onset of Local Number Portability and WLNP in this part of the world would have been happy to escape with only forwarding phone calls for 3 months. Alas, such was not their fate :) I would watch out for this idea, it might actually catch on in various places, warts and all... On Mon, Feb 22, 2010 at 11:24 AM, Robert Brockway rob...@timetraveller.orgwrote: On Mon, 22 Feb 2010, James Jones wrote: Why does this seem like a really bad idea? While I think the principal is noble there are operational problems: 1) Large and increasing quantity of email will be forwarded between Israeli ISPs, loading their networks with traffic that could have been avoided. 2) Every time someone changes ISP and wants to continue using this address they will need to notify their original ISP, who they may not have had a business relationship with for many years. This will be a significant operational challenge I expect. How do you confirm the person notifying you is the real owner of the address, for example? IMHO it would have been better to require the ISPs to forward the email for a reasonable period of time (say 3 months) to allow the user to make relevant notifications (or just stop using an ISP bound email address). Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Cheers, Rob -- Email: rob...@timetraveller.org IRC: Solver Web: http://www.practicalsysadmin.com I tried to change the world but they had a no-return policy
Re: Email Portability Approved by Knesset Committee
On Mon, Feb 22, 2010 at 11:24 AM, Robert Brockway rob...@timetraveller.orgwrote: IMHO it would have been better to require the ISPs to forward the email for a reasonable period of time (say 3 months) to allow the user to make relevant notifications (or just stop using an ISP bound email address). To me that seems reasonable. but if they do what has been suggested how long before the rest of world implements the same policy? Also wouldn't this help put the final nails in email's coffin? Also what about ISPs choosing to stop providing email services?
Re: Email Portability Approved by Knesset Committee
On Mon, Feb 22, 2010 at 04:24:54PM +, Robert Brockway wrote: On Mon, 22 Feb 2010, James Jones wrote: Why does this seem like a really bad idea? While I think the principal is noble there are operational problems: 1) Large and increasing quantity of email will be forwarded between Israeli ISPs, loading their networks with traffic that could have been avoided. Same thing applies to mobile companies. Realistically, this isn't going to be a particularly massive amount of traffic. 2) Every time someone changes ISP and wants to continue using this address they will need to notify their original ISP, who they may not have had a business relationship with for many years. This will be a significant operational challenge I expect. How do you confirm the person notifying you is the real owner of the address, for example? This bit is slightly more difficult. All the same, you can easily figure out a password system for talking to support (with a login password, and a support password, say. Not the most secure thing possible, but in practise as good as any ISPs mail system's is likely to be.) IMHO it would have been better to require the ISPs to forward the email for a reasonable period of time (say 3 months) to allow the user to make relevant notifications (or just stop using an ISP bound email address). Changing an email address takes far longer than 3 months, ime. I still get the odd mail to one I stopped using 3-4 years ago. Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Cheers, Rob -- Email: rob...@timetraveller.org IRC: Solver Web: http://www.practicalsysadmin.com I tried to change the world but they had a no-return policy -- --
Re: Email Portability Approved by Knesset Committee
There's no way to do this without some underlying forwarding... and aside from the obvious inefficiencies, bear in mind that any spam mitigation devices on the last hop that decide they are receiving spam are going to direct their wrath (reputation scores, blacklisting, greylisting, rate limiting, what-have-you) at the last forwarding hop, not at the origin. We get enough collateral damage from legitimate voluntary forwarding already. I would shudder to think of mandated, irrevocable forwarding. Jeff
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 10:24 AM, Robert Brockway wrote: On Mon, 22 Feb 2010, James Jones wrote: Why does this seem like a really bad idea? While I think the principal is noble there are operational problems: I dare say. I own example. I fire George for a long list of foul deeds. He goes to work for another company and writes email from geo...@example.com that injures my reputation. Not a good plan at all. 1) Large and increasing quantity of email will be forwarded between Israeli ISPs, loading their networks with traffic that could have been avoided. Believe it or not, some people have email addresses that are not intrinsically ISP addresses. 2) Every time someone changes ISP and wants to continue using this address they will need to notify their original ISP, who they may not have had a business relationship with for many years. This will be a significant operational challenge I expect. How do you confirm the person notifying you is the real owner of the address, for example? Again, it might all be within one ISP--and is still irrelevant. IMHO it would have been better to require the ISPs to forward the email for a reasonable period of time (say 3 months) to allow the user to make relevant notifications (or just stop using an ISP bound email address). Governments requiring people to do things that are not good ideas often have unexpected (even if obvious) consequences. My reaction, if I were in a position to do so, would be to stop providing email addresses. Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Why is that relevant? -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Email Portability Approved by Knesset Committee
Gadi Evron wrote: The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free email account, many in Israel still make use of their ISP's email service. According to this proposed bill, when a client transfers to a different ISP the email address will optionally be his to take along, just like mobile providers do today with phone numbers. Likely result: less ISPs will offer email services as part of the package, or will find some other way to shift responsibility to a third party. --Patrick
Re: Email Portability Approved by Knesset Committee
On Mon, Feb 22, 2010 at 10:30:53AM -0600, Larry Sheldon wrote: On 2/22/2010 10:24 AM, Robert Brockway wrote: On Mon, 22 Feb 2010, James Jones wrote: Why does this seem like a really bad idea? While I think the principal is noble there are operational problems: I dare say. I own example. I fire George for a long list of foul deeds. He goes to work for another company and writes email from geo...@example.com that injures my reputation. Not a good plan at all. 1) Large and increasing quantity of email will be forwarded between Israeli ISPs, loading their networks with traffic that could have been avoided. Believe it or not, some people have email addresses that are not intrinsically ISP addresses. 2) Every time someone changes ISP and wants to continue using this address they will need to notify their original ISP, who they may not have had a business relationship with for many years. This will be a significant operational challenge I expect. How do you confirm the person notifying you is the real owner of the address, for example? Again, it might all be within one ISP--and is still irrelevant. Actually, this is really simple to fix. Don't provide smtp service, only pop/imap. Then they never need to contact you. At least one Irish ISP already does something similar for ex-subscribers. IMHO it would have been better to require the ISPs to forward the email for a reasonable period of time (say 3 months) to allow the user to make relevant notifications (or just stop using an ISP bound email address). Governments requiring people to do things that are not good ideas often have unexpected (even if obvious) consequences. My reaction, if I were in a position to do so, would be to stop providing email addresses. Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Why is that relevant? -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml -- --
Re: Email Portability Approved by Knesset Committee
On Mon, Feb 22, 2010 at 10:30 PM, Larry Sheldon larryshel...@cox.netwrote: On 2/22/2010 10:24 AM, Robert Brockway wrote: On Mon, 22 Feb 2010, James Jones wrote: Why does this seem like a really bad idea? While I think the principal is noble there are operational problems: I dare say. I own example. I fire George for a long list of foul deeds. He goes to work for another company and writes email from geo...@example.com that injures my reputation. Not a good plan at all. I think, it will apply only users's email address, not of employee of the particular ISP. --Mustafa
Re: Email Portability Approved by Knesset Committee
There are huge differences in LNP/WLNP vs. Email Address portability. Prior to LNP/WLNP, there was already SS7 which is, essentially a centralized layer of indirection for phone numbers. This was necessary in order to support multiple LECs serving the same NPA-NXX anyway. Once that was in place, LNP/WLNP was almost a no-brainer from a call routing perspective. The issue was with the administrative process and the level of ethics exhibited by some of the phone-company participants (slamming, etc.). We saw the same thing in DNS. LNP is much more like domain name portability than email address portability. We already have domain name portability and had it long before LNP/WLNP. The owner of a domain has always been able to change the NS records pointing to the authoritative DNS servers for said domain. If users care about email portability, they should simply get their own domain and move the domain around as they see fit. Given google and other email hosting providers which will trivially host your email domain and the low annual cost of registering a domain, I'm not sure why legislators would think doing it differently is a good idea. If I were an Israeli ISP and this law were to pass, I'd simply discontinue providing email service for my customers and suggest they get their email via Google, Yahoo, or other free email service. Owen On Feb 22, 2010, at 8:26 AM, Dorn Hetzel wrote: I am sure the various carriers faced with the onset of Local Number Portability and WLNP in this part of the world would have been happy to escape with only forwarding phone calls for 3 months. Alas, such was not their fate :) I would watch out for this idea, it might actually catch on in various places, warts and all... On Mon, Feb 22, 2010 at 11:24 AM, Robert Brockway rob...@timetraveller.orgwrote: On Mon, 22 Feb 2010, James Jones wrote: Why does this seem like a really bad idea? While I think the principal is noble there are operational problems: 1) Large and increasing quantity of email will be forwarded between Israeli ISPs, loading their networks with traffic that could have been avoided. 2) Every time someone changes ISP and wants to continue using this address they will need to notify their original ISP, who they may not have had a business relationship with for many years. This will be a significant operational challenge I expect. How do you confirm the person notifying you is the real owner of the address, for example? IMHO it would have been better to require the ISPs to forward the email for a reasonable period of time (say 3 months) to allow the user to make relevant notifications (or just stop using an ISP bound email address). Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Cheers, Rob -- Email: rob...@timetraveller.org IRC: Solver Web: http://www.practicalsysadmin.com I tried to change the world but they had a no-return policy
Re: Email Portability Approved by Knesset Committee
I dare say. I own example. I fire George for a long list of foul deeds. He goes to work for another company and writes email from geo...@example.com that injures my reputation. I suspect we are only talking about email addresses provided as part of a commercial service, not as an aspect of one's job. For example, if I have a Nextel cellphone, and then they get bought by Sprint and I decide they now suck, and I move my phone service to T-Mobile so I can get a cool new G1, then Sprint is obliged to release my phone number and let T-Mobile provide my new service using it. However, if I work for Bob's Widgets, and they fire me because I'm a slacker, I'm not expecting I get to keep the number associated with my work-issued cellphone, no matter what carrier issued it... Even if Bob's Widgets was really a carrier providing a phone on their own network... -dorn
Re: Email Portability Approved by Knesset Committee
A thing being missed here is this: A telephone number does not have an obvious affinity with personal intellectual-property-like information. (402 332- is not obviously a Northwest Bell-USWest-Quest telephone number, but at least two of them are now served by Cox. A person using a 917 NNX- number in has now turned useful information into noise, but that is not quite the same thing.) An email address that ends in example.com irrevocably ties the address user to the company Example and may in fact be affirmatively harmful beyond the technical difficulty of implementation. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: In wall switches
On 2/16/10 11:28 AM, Andrey Khomyakov wrote: Does anyone know of anything like a small, but managed in wall switch? I have an area where the business needs to deploy more thin client kiosks than I have data drops and it's impossible to add more due to how the walls on that floor (basement) where finished. A Mikrotik RB750 would fit the bill nicely. It has additional routing features that are probably not necessary, but will do simple managed switching features easily, and I think it can even be powered by PoE. http://routerboard.com/index.php?showProduct=56 -- Josh Cheney josh.che...@gmail.com http://www.joshcheney.com
Re: In wall switches
I ordered 4 of the 3CNJ2000. The came in the other day. So far, looks like they will work out fine, considering they even support .1x (supposedly), but I already noticed an annoying thing - they don't get the DHCP address reliably and fall back the 169. address. So one would have to disconnect from the network to configure them and they retain a static IP just fine. I updated the firmware on them and the annoyance seem to have gone away, but one would still have to connect them first before one can update the firmware. Just keep in mind if you ever run across those PS. They also support LLDP which comes in handy during deployment. On Mon, Feb 22, 2010 at 12:03 PM, Josh Cheney josh.che...@gmail.com wrote: On 2/16/10 11:28 AM, Andrey Khomyakov wrote: Does anyone know of anything like a small, but managed in wall switch? I have an area where the business needs to deploy more thin client kiosks than I have data drops and it's impossible to add more due to how the walls on that floor (basement) where finished. A Mikrotik RB750 would fit the bill nicely. It has additional routing features that are probably not necessary, but will do simple managed switching features easily, and I think it can even be powered by PoE. http://routerboard.com/index.php?showProduct=56 -- Josh Cheney josh.che...@gmail.com http://www.joshcheney.com -- Andrey Khomyakov [khomyakov.and...@gmail.com]
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010 10:30:53 CST, Larry Sheldon said: Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Why is that relevant? For the same reason that if I cited a link that lead to a page in Latvian, you'd have a hard time double-checking that my 4-line summary of the page actually matched what the page said, so you'd have to run with my 4-line summary. Google Translate actually does a reasonable job at first-pass translation of Latvian that captures the general gist of it, but it still makes me facepalm on occasion. Of course, the more critical the exact nuances, the more likely it is to egregiously screw up. It's 17C in Riga works fine, but the distinction between mandate new laws and recommend new policies still troubles it. pgpSM8qoZtb6q.pgp Description: PGP signature
Re: Email Portability Approved by Knesset Committee
On Mon, Feb 22, 2010 at 10:49 PM, Larry Sheldon larryshel...@cox.netwrote: An email address that ends in example.com irrevocably ties the address user to the company Example and may in fact be affirmatively harmful beyond the technical difficulty of implementation. IMHO, ISPs would be forged to take Google's policy of Email addresses. x...@gmail.com for beta-users, like you and me; while x...@google.com for employees. But surely it will create technical implication along with many others. -- Mustafa
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 11:19 AM, valdis.kletni...@vt.edu wrote: On Mon, 22 Feb 2010 10:30:53 CST, Larry Sheldon said: Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Why is that relevant? For the same reason that if I cited a link that lead to a page in Latvian, you'd have a hard time double-checking that my 4-line summary of the page actually matched what the page said, so you'd have to run with my 4-line summary. Google Translate actually does a reasonable job at first-pass translation of Latvian that captures the general gist of it, but it still makes me facepalm on occasion. Of course, the more critical the exact nuances, the more likely it is to egregiously screw up. It's 17C in Riga works fine, but the distinction between mandate new laws and recommend new policies still troubles it. You don't note when you are taking somebody's word when they write in English. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Assistance Required for Masters Program
I am in the process of enrolling in a Masters of Information Assurance (MSIA) program and need some assistance. The program requires that we complete a case study at the end of each three month term. I have chosen to do my case studies on the Internet Service Provider industry. I worked in the industry for 5+ years, so I am pretty comfortable with the technology. I am looking for a couple of CISSP level engineers or even Information Security officers who work for an Internet service provider to act as industry contacts. The purpose of the case studies is to baseline course content against current industry practices. So, I will be producing a case study that will identify current industry practices and makes recommendations on how the industry as a whole can improve security. My work may even be published in those ubiquitous industry rags. Because security is a sensitive subject, you have the option of remaining anonymous in my reports. Thanks Erik Jacobsen
Re: Email Portability Approved by Knesset Committee
Am I missing something? All the ISP has to do is to provision a pop3 / imap / webmail mailbox for that user and keep it around. On Mon, Feb 22, 2010 at 10:14 PM, Owen DeLong o...@delong.com wrote: There are huge differences in LNP/WLNP vs. Email Address portability. Prior to LNP/WLNP, there was already SS7 which is, essentially a centralized layer of indirection for phone numbers. This was necessary in order to support -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 11:22 AM, Mustafa Golam - wrote: On Mon, Feb 22, 2010 at 10:49 PM, Larry Sheldon larryshel...@cox.netwrote: An email address that ends in example.com irrevocably ties the address user to the company Example and may in fact be affirmatively harmful beyond the technical difficulty of implementation. I don't think I said the following line--if I was demented enough to have done that, I retract it. IMHO, ISPs would be forged to take Google's policy of Email addresses. x...@gmail.com for beta-users, like you and me; while x...@google.com for employees. But surely it will create technical implication along with many others. And I am talking about places that people that have no connection with g[.*] The key that I missed, and we have to hope the pols did not is that question of ownership. I think you will see a drying up of availability of email--which has interesting implications in the realm of unique addresses possible, for example. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010, Dorn Hetzel wrote: I am sure the various carriers faced with the onset of Local Number Portability and WLNP in this part of the world would have been happy to escape with only forwarding phone calls for 3 months. I'm sure they would :) I know very little of the workings of cell (or landline) phone networks but I expect if it worked the same way Internet routing does then the Telco networks would have had serious problems under the weight of rerouted calls. I would watch out for this idea, it might actually catch on in various places, warts and all... OTOH if it fails in a screaming heap in Israel it may show everyone else why it is a bad idea :) Cheers, Rob -- Email: rob...@timetraveller.org IRC: Solver Web: http://www.practicalsysadmin.com I tried to change the world but they had a no-return policy
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 11:28 AM, Joe Abley wrote: On 2010-02-22, at 10:09, Gadi Evron wrote: The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free email account, many in Israel still make use of their ISP's email service. Just out of interest, are those ISP-tied e-mail addresses always run by the ISP, or are they occasionally outsourced in the manner of Rogers' (Canada) or BT's (UK) respective deals with Yahoo! (US)? It'd be an interesting twist if contracts between e-mail providers outside Israel and ISPs inside suddenly made this requirement for e-mail address portability leak beyond Israel's borders. I have been wondering about that too--the Internet may be the only artifact of human existence that is generally border insensitive (with exceptions we don't need to enumerate). I note that quite a few country TLDs are hosted in other countries. Whose laws prevail? -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Email Portability Approved by Knesset Committee
On 2010-02-22, at 10:09, Gadi Evron wrote: The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free email account, many in Israel still make use of their ISP's email service. Just out of interest, are those ISP-tied e-mail addresses always run by the ISP, or are they occasionally outsourced in the manner of Rogers' (Canada) or BT's (UK) respective deals with Yahoo! (US)? It'd be an interesting twist if contracts between e-mail providers outside Israel and ISPs inside suddenly made this requirement for e-mail address portability leak beyond Israel's borders. Joe
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 11:29 AM, Suresh Ramasubramanian wrote: Am I missing something? All the ISP has to do is to provision a pop3 / imap / webmail mailbox for that user and keep it around. And provide storage, support, .., mail-bomb cleanup. Whose TOS applies? -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010, Larry Sheldon wrote: Believe it or not, some people have email addresses that are not intrinsically ISP addresses. Indeed. I'm sure pretty much everyone here know why ISPs offer email services. My reaction, if I were in a position to do so, would be to stop providing email addresses. Yes this may well be a sensible business decision. Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Why is that relevant? Because I don't speak Hebrew. The statement is a disclaimer that I need to rely on Gadi's summary rather than reading the thing in detail for myself, as I would have preferred to do. Cheers, Rob -- Email: rob...@timetraveller.org IRC: Solver Web: http://www.practicalsysadmin.com I tried to change the world but they had a no-return policy
Re: Email Portability Approved by Knesset Committee
On 2/22/10 12:28 PM, Joe Abley wrote: On 2010-02-22, at 10:09, Gadi Evron wrote: ... It'd be an interesting twist if contracts between e-mail providers outside Israel and ISPs inside suddenly made this requirement for e-mail address portability leak beyond Israel's borders. Off-list I asked an equivalent transitive service provisioning question for a service not mentioned, but possibly associated with ISP provided email services. The technical issue area is IDNAbis and EAI for those interested in the specification aspect. I've no clear answer as yet, and my interest is semi-academic. Eric
Re: Email Portability Approved by Knesset Committee
My initial reaction: Does the law in any way imply this mail address has to be provided for free? If not then I don't see any real problem on the surface. It just means we have to offer the opportunity to keep the mail address functioning for a fee. That said, what does occur to me is what happens when we've closed someone's account for email abuse (e.g., a spammer)? That thought might be extended to non-payment, if an account is closed for non-payment is there any further obligation under this law? I assume sane heads will prevail in such cases but until then this might conceivably create a loophole for some miscreant to harass the provider. As a general rule miscreants often have no shame. I suppose the whole forwarding / spamblocking issue arises but that's not any different than any service which allows forwarding. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: Email Portability Approved by Knesset Committee
* Steven Bellovin: Bring back the MB or MR DNS records? (Only half a smiley.) Eh, you don't want to put this information into a public database. Officially, for privacy reasons. Unofficially, to create a barrier to market entry.
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010 11:24:09 CST, Larry Sheldon said: You don't note when you are taking somebody's word when they write in English. Actually, we do. So tell me Larry - if I cited a Latvian web page, and gave a summary, would you feel comfortable blindly passing it along without mentioning the fact that you were unable to verify what the page said? What if I quoted a web page in English that was slashdotted or otherwise 404'ed by the time you tried to look at it, so you never saw the page but only what I allegedly quoted? Would you pass *that* along without notice as well? Or would you note the page 404's for me? pgpwJCUN1y6mE.pgp Description: PGP signature
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 12:34 PM, Barry Shein wrote: That said, what does occur to me is what happens when we've closed someone's account for email abuse (e.g., a spammer)? I've been thinking about that issue--spammer drop-boxes. But we are not supposed to talk about spammers here so I was going to take it up on NANAE. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 9:29 AM, Suresh Ramasubramanian wrote: Am I missing something? All the ISP has to do is to provision a pop3 / imap / webmail mailbox for that user and keep it around. As a permanent requirement for all accounts, including changes as the user moves around -- long-term churn is 100% within relatively few years-- and to expect all domain owners who originally host a mailbox to then do this forwarding admin and ops competently, this is going to be a serious problem. The scheme is certain to be quite unreliable along multiple axes. Worse, I had not thought of Sheldon's excellent point about negative reputation blowback on the domain owner. Per the followup comments on this, the domain owner might be able to do some things in domain name usage and IP Address assignment to mitigate this, the initial and on-going costs of getting this right and the likelihood of eliminating all blowback are problematic. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: Email Portability Approved by Knesset Committee
On Feb 22, 2010, at 1:42 PM, Florian Weimer wrote: * Steven Bellovin: Bring back the MB or MR DNS records? (Only half a smiley.) Eh, you don't want to put this information into a public database. Officially, for privacy reasons. Unofficially, to create a barrier to market entry. Right; I was not seriously suggesting that the DNS was the right spot for it. I am seriously suggesting that a redirect mechanism -- perhaps the email equivalent of HTPP's 301/302 -- would be worth considering. Then, of course, there's problem of upgrading the $\aleph_0$ mail senders out there to comply... --Steve Bellovin, http://www.cs.columbia.edu/~smb
artifacts (was Re: Email Portability Approved by Knesset Committee_
On 2/22/2010 9:35 AM, Larry Sheldon wrote: I have been wondering about that too--the Internet may be the only artifact of human existence that is generally border insensitive (with exceptions we don't need to enumerate). Pollution. Global warming. Nuclear fallout. ... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: DNS server software
I do hosting rather than network provisioning, but when I was doing network provisioning we used PowerDNS' resolver. Its small, and its very, very fast. Its customizable and can be scripted using LUA. http://www.powerdns.com On 2/22/2010 9:16 AM, Claudio Lapidus wrote: Hello all, We are a mid-sized carrier (1.2M broadband subscribers) and we are looking for an upgrade in our public DNS resolver infrastructure, so we are interested in getting to know what are you guys using in your networks. Mainly what kind/brand of software and which architecture did you use to deploy it, and how did you do the sizing, all of it would be most helpful information. Many thanks in advance for your advice! cl.
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 12:42 PM, valdis.kletni...@vt.edu wrote: On Mon, 22 Feb 2010 11:24:09 CST, Larry Sheldon said: You don't note when you are taking somebody's word when they write in English. Actually, we do. So tell me Larry - if I cited a Latvian web page, and gave a summary, would you feel comfortable blindly passing it along without mentioning the fact that you were unable to verify what the page said? Yes. If I cited it would indicate that I trusted your judgment. I would expect you to feel insulted if I said that in this exceptional case I trusted you, but I didn't think that should be assumed. What if I quoted a web page in English that was slashdotted or otherwise 404'ed by the time you tried to look at it, so you never saw the page but only what I allegedly quoted? Would you pass *that* along without notice as well? Or would you note the page 404's for me? I might very well say Valdis said to identify the source. I would not normal grade the quality of the reference. I'm out. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Email Portability Approved by Knesset Committee
Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Why on earth would you trust Gadi when you could trust me and some acquaintances at Google? http://translate.google.co.uk/translate?js=yprev=_thl=enie=UTF-8layout=1eotf=1u=http://www.ynet.co.il/articles/0,7340,L-3852744,00.htmlsl=autotl=en --Michael Dillon
Re: Email Portability Approved by Knesset Committee
I have an idea. Everyone just get a gmail (or otherwise neutral account) like me.com or gmail.com or yahoo.com and be done with it. J On Feb 22, 2010, at 11:49 AM, Larry Sheldon wrote: A thing being missed here is this: A telephone number does not have an obvious affinity with personal intellectual-property-like information. (402 332- is not obviously a Northwest Bell-USWest-Quest telephone number, but at least two of them are now served by Cox. A person using a 917 NNX- number in has now turned useful information into noise, but that is not quite the same thing.) An email address that ends in example.com irrevocably ties the address user to the company Example and may in fact be affirmatively harmful beyond the technical difficulty of implementation. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml -- Joel Esler http://blog.joelesler.net
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010, Steven Bellovin wrote: I am seriously suggesting that a redirect mechanism -- perhaps the email equivalent of HTPP's 301/302 -- would be worth considering. Then, of course, there's problem of upgrading the $\aleph_0$ mail senders out there to comply... See the 251 and 551 response codes first specified in RFC 788 section 3.2 and currently specified in RFC 5321 section 3.4. No-one implements them. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
Re: Email Portability Approved by Knesset Committee
s...@cs.columbia.edu: I am seriously suggesting that a redirect mechanism -- perhaps the email equivalent of HTPP's 301/302 -- would be worth considering. We already have SMTP's 221 and 521 response codes for this. But because the response text is free-form there's no way to reliably parse out the new address. Fixing this is a bit tricky since the SMTP grammar defines Reply-line in a way that makes it difficult to return the sort of structed response you would need. --lyndon
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 1:16 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote: s...@cs.columbia.edu: I am seriously suggesting that a redirect mechanism -- perhaps the email equivalent of HTPP's 301/302 -- would be worth considering. We already have SMTP's 221 and 521 response codes for this. But because the response text is free-form there's no way to reliably parse out the new address. Fixing this is a bit tricky since the SMTP grammar defines Reply-line in a way that makes it difficult to return the sort of structed response you would need. I don't think I know the details of the law, but I would guess that address portability does not imply the address you have reach is not in service. The new address is. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: DNS server software
Claudio Lapidus clapi...@gmail.com writes: We are a mid-sized carrier (1.2M broadband subscribers) and we are looking for an upgrade in our public DNS resolver infrastructure, so we are interested in getting to know what are you guys using in your networks. Mainly what kind/brand of software and which architecture did you use to deploy it, and how did you do the sizing, all of it would be most helpful information. Unsurprisingly, we (AS1280, AS3557) run BIND 9. see http://www.isc.org/. We have at least two recursives in each AS1280 site, and one in each AS3557 location (f-root). Stubs (either /etc/resolv.conf or DHCP) each use all local plus some non-local, for a minimum of three total. Recursive DNS servers do not use forwarding or other cache-sharing techniques, each is fully independent. Most have DNSSEC validation enabled, and of those, all are subscribed to ISC DLV, see http://dlv.isc.org/. Most server hosts here run FreeBSD on AMD64/EM64T or else i386. -- Paul Vixie KI6YSY
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010 19:02:38 GMT, Michael Dillon said: Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Why on earth would you trust Gadi when you could trust me and some acquaintances at Google? http://translate.google.co.uk/translate?js=yprev=_thl=enie=UTF-8layout=1eotf=1u=http://www.ynet.co.il/articles/0,7340,L-3852744,00.htmlsl=autotl=en And the first paragraph renders as: If you switch to the Knesset's bill Ronit Tirosh, Internet subscribers will be able to switch Internet providers in different email address and keep the previous society, like mobility cellular Good enough to follow the gist of it, but by the end of the first sentence, I'm already seriously doubtful as to its ability to catch subtle nuances and details - and nuances and details are critical here. (To be fair, Google Translate *does* do a yeoman job of a mostly hopeless task. It however still has its occasional hovercraft full of eels moments, usually when the distinction between eels and kippers matters most. ;) pgp09cK9mxVMr.pgp Description: PGP signature
Re: Spamhaus and Barracuda Networks BRBL
On 2/22/2010 12:40 AM, Suresh Ramasubramanian wrote: Is it your position that, as a vendor of antispam services, nobody else should offer their services for a fee? That would be strange indeed Actually I can sympathize with Barracuda on this one: Bob's Widgets is running thier own mail server for their 25 employees. They decide the need better spam filters. They can hire Bob's nephew to drop in a Linux server running Postfix and SpamAssassan. In this situation it's OK for Little Bobby to configure the Spamhaus RBLs for use on this solution. They could also hire Barracuda to do essentially the same thing (assumption based on source code published at http://source.barracuda.com/source/ ). In this case Bob's Widgets is not allowed to use Spamhaus. Their list, their rules; but it is indeed strange to me. -- Dave
Re: Spamhaus...
On Sun, 21 Feb 2010 14:57:31 GMT, Paul Vixie said: Rich Kulawiec r...@gsp.org writes: We're well past that. Every minimally-competent postmaster on this planet knows that clause became operationally obsolete years ago [1], and has configured their mail systems to always reject, never bounce. [2] for smtp, i agree. yet, uucp and other non-smtp last miles are not dead. In exactly the same sense, and for the same reasons, that 36-bit machines are not dead yet. pgpX18Y2eYFBu.pgp Description: PGP signature
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010, Dorn Hetzel wrote: I am sure the various carriers faced with the onset of Local Number Portability and WLNP in this part of the world would have been happy to escape with only forwarding phone calls for 3 months. Alas, such was not their fate :) I would watch out for this idea, it might actually catch on in various places, warts and all... Can IP number portability be far behind? You think your routing tables are big now?! Wait till you are mandated to carry /32s for IP number portability :-) -Hank
Re: Email Portability Approved by Knesset Committee
On Feb 22, 2010, at 1:58 PM, Florian Weimer wrote: * Steven Bellovin: Right; I was not seriously suggesting that the DNS was the right spot for it. I am seriously suggesting that a redirect mechanism -- perhaps the email equivalent of HTPP's 301/302 -- would be worth considering. Then, of course, there's problem of upgrading the $\aleph_0$ mail senders out there to comply... There's already SMTP support for this, see RFC 5321, section 3.4. This has been carried over from RFC 821, which already contain the 251/551 response codes. Thanks; I'd forgotten about those. However, this is still a public database for which you cannot charge access, so it's not the solution we're looking for. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Spamhaus and Barracuda Networks BRBL
On 2/22/2010 1:40 PM, Dave Sparro wrote: On 2/22/2010 12:40 AM, Suresh Ramasubramanian wrote: Is it your position that, as a vendor of antispam services, nobody else should offer their services for a fee? That would be strange indeed Actually I can sympathize with Barracuda on this one: Bob's Widgets is running thier own mail server for their 25 employees. They decide the need better spam filters. They can hire Bob's nephew to drop in a Linux server running Postfix and SpamAssassan. In this situation it's OK for Little Bobby to configure the Spamhaus RBLs for use on this solution. They could also hire Barracuda to do essentially the same thing (assumption based on source code published at http://source.barracuda.com/source/ ). In this case Bob's Widgets is not allowed to use Spamhaus. The issue is not whether Bob's can use the list to turn a profit, but whether Barracuda can. Their list, their rules; but it is indeed strange to me. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Email Portability Approved by Knesset Committee
Hank Nussbacher wrote: On Mon, 22 Feb 2010, Dorn Hetzel wrote: I am sure the various carriers faced with the onset of Local Number Portability and WLNP in this part of the world would have been happy to escape with only forwarding phone calls for 3 months. Alas, such was not their fate :) I would watch out for this idea, it might actually catch on in various places, warts and all... Can IP number portability be far behind? You think your routing tables are big now?! Wait till you are mandated to carry /32s for IP number portability :-) Don't need to harm the routing-table to do that, we have mobile-ip. -Hank
Re: DNS server software
On 22-2-2010 15:39, Phil Regnauld wrote: PowerDNS also has an open source solution (www.powerdns.com). PowerDNS is easily modified with custom backends (using a simple pipe interface). All of the above support DNSSEC. I do not think so: http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software DNSSEC support in PowerDNS is currently restricted to being able to serve DNSSEC-related RRs. No further DNSSEC processing takes place. I have reviewed all popular DNS software recently, PowerDNS was really OK, but eventually I have decided not to go with it due to lack of full DNSSEC support. -- Grzegorz Janoszka
Re: Spamhaus and Barracuda Networks BRBL
On Mon, 2010-02-22 at 14:40 -0500, Dave Sparro wrote: Their list, their rules; but it is indeed strange to me. Not too strange: Little Bobby probably does one or two jobs and goes away, leaving the system to run by itself. the SpamAssassin people receive nothing from his choice of software. If Bob decides he wants to buy a commercial appliance from a profit-making company (presumption being made here) who are in turn making significant use of a free resource such as the SpamHaus lists in their appliance's configuration, and those appliances become very popular (as I understand they might be), then the infrastructure costs associated with the appliance are shifted away from both the vendor and the end-user onto the provider. If said provider gets a bit shirty about this and decides that they're going to analyse and block traffic from those appliances if they haven't paid for a service... If you stand back and look at this dispassionately then I would expect a large majority of this list would probably act in a similar way (or their companies or employers would) given a similar situation with their services. TANSTAAFL. Really. Someone has to pay for the meal; why should it be the chef? Graeme
Re: artifacts (was Re: Email Portability Approved by Knesset Committee_
On Feb 22, 2010, at 2:53 PM, Dave CROCKER wrote: On 2/22/2010 9:35 AM, Larry Sheldon wrote: I have been wondering about that too--the Internet may be the only artifact of human existence that is generally border insensitive (with exceptions we don't need to enumerate). Pollution. Global warming. Nuclear fallout. Externalities are the last refuge of the dirigistes. -- Friedrich Hayek ;-) Cheers, RAH
Re: Spamhaus and Barracuda Networks BRBL
On 2/22/10 11:40 AM, Dave Sparro wrote: Actually I can sympathize with Barracuda on this one: Bob's Widgets is running thier own mail server for their 25 employees. They decide the need better spam filters. They can hire Bob's nephew to drop in a Linux server running Postfix and SpamAssassan. In this situation it's OK for Little Bobby to configure the Spamhaus RBLs for use on this solution. They could also hire Barracuda to do essentially the same thing (assumption based on source code published at http://source.barracuda.com/source/ ). In this case Bob's Widgets is not allowed to use Spamhaus. Their list, their rules; but it is indeed strange to me. Bob is in the widget business, he profits from selling widgets. He doesn't profit from the spam-filtering business. Spamhaus is, out of sheer niceness to the community, willing to accommodate one-off widget makers with some freebies. Thank you. Spamhaus. We appreciate it. Barracuda is in the spam-filtering business, they profit directly from it. Spamhaus isn't willing to allow a for-profit entity to deploy their filters on thousands of machines at substantial cost to Spamhaus in terms of bandwidth and server load without being compensated for it. This seems reasonable to me. If Bob's Widgets' nephew syncs Bob's machine to the University of Wisconsin's NTP server, it isn't a big deal. When Netgear hard-codes UoW's NTP server's IP into a gazillion consumer boxes, it is. That's the difference. http://pages.cs.wisc.edu/~plonka/netgear-sntp/ -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: DNS server software
I have been using BIND9. I have also seen a number of folks try other things, but I have found when testing those software that DNSSEC/EDNS0 and properly handling DNS query/response on TCP are not well supported. On Feb 22, 2010, at 8:16 AM, Claudio Lapidus wrote: Hello all, We are a mid-sized carrier (1.2M broadband subscribers) and we are looking for an upgrade in our public DNS resolver infrastructure, so we are interested in getting to know what are you guys using in your networks. Mainly what kind/brand of software and which architecture did you use to deploy it, and how did you do the sizing, all of it would be most helpful information. Many thanks in advance for your advice! cl.
Re: artifacts (was Re: Email Portability Approved by Knesset Committee_
Hmmm. While it's easy and reasonable to call these externalities, I suspect a good case could be made that they are not, since they affect the principals, as well as everyone else... I'm confused by the reference to archaic, structured balloons... d/ ps. Creative misunderstanding is also a convenient refuge. -- dcrocker On 2/22/2010 12:24 PM, R.A. Hettinga wrote: On Feb 22, 2010, at 2:53 PM, Dave CROCKER wrote: On 2/22/2010 9:35 AM, Larry Sheldon wrote: I have been wondering about that too--the Internet may be the only artifact of human existence that is generally border insensitive (with exceptions we don't need to enumerate). Pollution. Global warming. Nuclear fallout. Externalities are the last refuge of the dirigistes. -- Friedrich Hayek -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: Email Portability Approved by Knesset Committee
Dude, think to the future -- /128s! On Mon, Feb 22, 2010 at 3:03 PM, Hank Nussbacher h...@efes.iucc.ac.il wrote: On Mon, 22 Feb 2010, Dorn Hetzel wrote: I am sure the various carriers faced with the onset of Local Number Portability and WLNP in this part of the world would have been happy to escape with only forwarding phone calls for 3 months. Alas, such was not their fate :) I would watch out for this idea, it might actually catch on in various places, warts and all... Can IP number portability be far behind? You think your routing tables are big now?! Wait till you are mandated to carry /32s for IP number portability :-) -Hank
Re: Email Portability Approved by Knesset Committee
On Feb 22, 2010, at 12:51 PM, Dave CROCKER wrote: Per the followup comments on this, the domain owner might be able to do some things in domain name usage and IP Address assignment to mitigate this, the initial and on-going costs of getting this right and the likelihood of eliminating all blowback are problematic. The thing to do is to send a note to the Knesset explaining this, and telling them that you plan to send them the bills. http://www.ipinc.net/IPv4.GIF
Announcing xtractr (on pcapr)
We just released xtractr, a collaborative cloud app for indexing, searching, extracting and reporting on large pcaps. This thread on NANOG is one of the many use cases that xtractr attempts to solve: http://mailman.nanog.org/pipermail/nanog/2009-December/015661.html You can learn more about xtractr on our blog: http://bit.ly/d7yrKl or watch a demo: http://www.pcapr.net/xtractr Thanks, K. --- http://www.pcapr.net/ http://www.mudynamics.com http://twitter.com/pcapr
log parsing tool?
Greetings, Anyone has good recommendations for an open-sourced log parsing and analyzing application? It will be used to work with syslog-ng and other general syslog and application logs. I have been looking at swatch and logwatch, but would like to find out if there are other good choices, thanks FD
TWTELECOM.NET to the white courtesy phone!
Would someone at twtelecom.net's NOC please contact me about a routing issue we are having with you. You apparently have an internal route for one of our netblocks that is causing packets destined to us to be blackholed. TWTELECOM is an upstream of an upstream. -- Bob Poortinga K9SQLhttp://www.linkedin.com/in/bobpoortinga Technology Service Corp.http://www.tsc.com Bloomington, Indiana US +1-812-558-7070
Re: log parsing tool?
Splunk ZanOSS PHP-Syslog-NG aka logzilla LogLogic On 2/22/10 3:15 PM, fedora fedora fedoraf...@gmail.com wrote: Greetings, Anyone has good recommendations for an open-sourced log parsing and analyzing application? It will be used to work with syslog-ng and other general syslog and application logs. I have been looking at swatch and logwatch, but would like to find out if there are other good choices, thanks FD
Re: log parsing tool?
SEC (Simplet Event Correlator) is a very effective tool for this, IMHO. I am by no means an expert with it, but I know several people who are, and while it is not as well known as splunk or some other tools, I have been very impressed by the results I've seen using it. As with any event correlation tool, there is a significant level of invested effort required to make use of this. http://simple-evcorr.sourceforge.net/ Below is a presentation about SEC. http://www.occam.com/sa/CentralizedLogging2009.pdf On Mon, Feb 22, 2010 at 2:15 PM, fedora fedora fedoraf...@gmail.com wrote: Greetings, Anyone has good recommendations for an open-sourced log parsing and analyzing application? It will be used to work with syslog-ng and other general syslog and application logs. I have been looking at swatch and logwatch, but would like to find out if there are other good choices, thanks FD -- -- Darren Bolding -- -- dar...@bolding.org --
Re: log parsing tool?
I personally like SEC (Simple Event Correlator), check out http://simple-evcorr.sourceforge.net/ Jeff Rooney jtroo...@nexdlevel.com On Mon, Feb 22, 2010 at 4:15 PM, fedora fedora fedoraf...@gmail.com wrote: Greetings, Anyone has good recommendations for an open-sourced log parsing and analyzing application? It will be used to work with syslog-ng and other general syslog and application logs. I have been looking at swatch and logwatch, but would like to find out if there are other good choices, thanks FD
Re: log parsing tool?
ah, never heard of SEC before and it really looks interesting, Thanks everyone for the great input! FD On Mon, Feb 22, 2010 at 4:34 PM, Jeff Rooney jtroo...@nexdlevel.com wrote: I personally like SEC (Simple Event Correlator), check out http://simple-evcorr.sourceforge.net/ Jeff Rooney jtroo...@nexdlevel.com On Mon, Feb 22, 2010 at 4:15 PM, fedora fedora fedoraf...@gmail.com wrote: Greetings, Anyone has good recommendations for an open-sourced log parsing and analyzing application? It will be used to work with syslog-ng and other general syslog and application logs. I have been looking at swatch and logwatch, but would like to find out if there are other good choices, thanks FD
Re: log parsing tool?
On Feb 22, 2010, at 4:49 PM, fedora fedora wrote: ah, never heard of SEC before and it really looks interesting, Take a look at SLCT, also by Risto Vaarandi: http://ristov.users.sourceforge.net/slct/ SLCT can parse huge amounts of logs very fast. We use it to crunch firewall logs and also to find ports that are flapping excessively. Dale
Re: Email Portability Approved by Knesset Committee
On Mon, Feb 22, 2010 at 10:30 AM, Jeff Kell jeff-k...@utc.edu wrote: There's no way to do this without some underlying forwarding... and Forwarding SMTP traffic consumes major bandwidth resources (potentially), as the number of 'ports' eventually increases, and seems like a juicy target for many different types of potential abuses. There are major technical hurdles that should be considered, otherwise ISPs probably wouldn't care much to provide mailboxes, and instead: might simply recommend an overseas service (not subject to the port rules) for people who want e-mail. Or include purchase of a domain name in the price of getting e-mail service, it's just another tax required due to government regulations, ISP/telephone/cable subscribers are already used to those types of fees.When the end user purchases their own domain, it's up to them to transfer their own domain name and deal with all the technical issues that entails. Issues like: spam against forwarded addresses (impossible to reliably implement SPF and other sending MTA based protections). Possibility of the porting mail server being blacklisted (interfering with forwarding), having, sketchy connectivity, or other persistent issues, or low message size limits No more than a 500mb attachment can be forwarded, that might have been the reason the user switched e-mail providers in the first place, so they could receive 30gb HD-DVD ISOs their friends were e-mailing them. Resolving the destination address is what DNS is for, not what SMTP routing is for. Perhaps there is... Give every e-mail user a subdomain as in examplemail...@examplemailbox.example.com To port an e-mail address,the receiving ISP then provides a domain name server for the donor ISP to publish as in... mailbox.example.com IN NStheirdns1.example2.com Use IN NS subdelegation to the user's new ISP. This requires the ISP to plan for portability, by designating a subdomain for each user, and having DNS software that can handle (potentially) hundreds of thousands of permanent mailbox records. For authentication, to request a change, make it be proven that the request is coming from a legitimate authority of the host the IN NS record points to. Or else rewrite the SMTP specification to change how the SMTP server is selected for every single e-mail transaction (assuming the internet community actually thinks this is worthwhile) Instead of merely performing a lookup of MX against just the host label (where MX exists), bring in Mailbox binding As in bring back RFC 883 MAILB: qname=mail...@mx.example.comQTYPE=MAILB after a successful response from a QTYPE=MX query. If NXDOMAIN is returned from MAILB then proceed to contact the MX. But if MR responses arereceived from the MAILB query, then the sending MTA should switch to the recipient destination as directed. And repeat the MX and MAILB lookup process with the new destination... But the presence of a MAILB record must not imply that the e-mail address likely exists. The absence must not imply the e-mail address likely doesn't exist, either Otherwise spammers would be very happy. ISPs must wildcard MAILBs or have some very robust abuse-protections in DNS itself, or end-users would never want to use MAILB-based porting. -- -J
Re: Email Portability Approved by Knesset Committee
From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Mon Feb 22 09:10:55 2010 Date: Mon, 22 Feb 2010 17:09:45 +0200 From: Gadi Evron g...@linuxbox.org To: NANOG Operators Group na...@merit.edu Subject: Email Portability Approved by Knesset Committee The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free email account, many in Israel still make use of their ISP's email service. According to this proposed bill, when a client transfers to a different ISP the email address will optionally be his to take along, just like mobile providers do today with phone numbers. This new legislation makes little technological sense, and will certainly be a mess to handle operationally as well as beurocratically, but it certainly is interesting, and at least the notion is beautiful. Quick! Somebody propose a snail-mail portability bill. When a renter changes to a different landlord, his snail-mail address will be optionally his to take along, just like what is proposed for ISP clients. The proposed bill can be found here [Doc, Hebrew]: http://my.ynet.co.il/pic/computers/22022010/mail.doc Linked to from this ynet (leading Israeli news site) story, here: http://www.ynet.co.il/articles/0,7340,L-3852744,00.html I will update this as things evolve on my blog, here: http://gadievron.blogspot.com/ Gadi.
Re: Email Portability Approved by Knesset Committee
On Mon, 22 Feb 2010 19:35:10 CST, James Hess said: Resolving the destination address is what DNS is for, not what SMTP routing is for. You think the situation is bad now, imagine if the X.400 ADMD= and PRMD= had caught on. ;) pgpR6neOmBgus.pgp Description: PGP signature
Re: Email Portability Approved by Knesset Committee
On Tue, 2010-02-23 at 13:38 +1100, Mark Andrews wrote: In message 201002230227.o1n2radp021...@mail.r-bonomi.com, Robert Bonomi write s: Quick! Somebody propose a snail-mail portability bill. When a renter changes to a different landlord, his snail-mail address will be optionally his to take along, just like what is proposed for ISP clients. You can pay for this redirection service if you want it. Usually it is time limited and often not fully implemented. But with snail-mail it usually ¬just works¬, uses existing proven technology, provides a little extra revenue for the carriers, etc etc etc I just don't see any of the above happening with _this_ proposal. Hmm, maybe 'proposal' isn't the correct word for it - by a long way. I have a feeling it's going to be implemented in the following manner: ./great_idea.sh | bad_plan /dev/null Hey - maybe they should submit an RFC? :) next up: State of Israel vs. SORBS et al. ding-ding! Maybe I'm too pessimistic? Gord
Re: Email Portability Approved by Knesset Committee
In article fddc4e5f9aeda526d68b236708b0d...@yyc.orthanc.ca you write: s...@cs.columbia.edu: I am seriously suggesting that a redirect mechanism -- perhaps the email equivalent of HTPP's 301/302 -- would be worth considering. We already have SMTP's 221 and 521 response codes for this. But because the response text is free-form there's no way to reliably parse out the new address. Assuming you mean 251 and 551, the new address is in brackets making it straightforward to parse. There's the minor detail that nobody has, as far as I can tell, ever implemented either, but the spec's there if you want it. R's, John
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 10:38 PM, John Levine wrote: In article fddc4e5f9aeda526d68b236708b0d...@yyc.orthanc.ca you write: s...@cs.columbia.edu: I am seriously suggesting that a redirect mechanism -- perhaps the email equivalent of HTPP's 301/302 -- would be worth considering. We already have SMTP's 221 and 521 response codes for this. But because the response text is free-form there's no way to reliably parse out the new address. Assuming you mean 251 and 551, the new address is in brackets making it straightforward to parse. There's the minor detail that nobody has, as far as I can tell, ever implemented either, but the spec's there if you want it. When Somebody calls one of my portable telephone numbers, they don't get a message telling them they have to call some other number. The get call progress tones. -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Email Portability Approved by Knesset Committee
Unfortunately the links cited are in Hebrew so I'm only going on Gadi's report here. Google Translate is your friend. Yes, even on MS Word documents written in Hebrew. R's, John
Re: Email Portability Approved by Knesset Committee
On 2/22/2010 8:42 PM, Larry Sheldon wrote: When Somebody calls one of my portable telephone numbers, they don't get a message telling them they have to call some other number. The get call progress tones. You are confusing what is presented to the end-user with what might be going on within the infrastructure service. Call progress tones are the former and their primary goal is to keep the user happy, providing very constrained information. Especially for mobile phones, there is often all sorts of forwarding signallying going on while you hear to tones. In general, a core problem with the Knesset law is that it presumes something that is viable for the phone infrastructure is equally - or at least tolerably - viable in the email infrastructure. Unfortunately, the details of the two are massively different in terms of architecture, service model, cost structures and operational skills. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
Re: log parsing tool?
On Mon, 2010-02-22 at 18:14 -0600, Dale W. Carder wrote: Take a look at SLCT, also by Risto Vaarandi: http://ristov.users.sourceforge.net/slct/ SLCT can parse huge amounts of logs very fast. We use it to crunch firewall logs and also to find ports that are flapping excessively. +1, SLCT definitely finds the needles in haystacks of huge syslog files Gord -- best viewed in mailx
Re: Email Portability Approved by Knesset Committee
On Feb 23, 2010, at 1:06 AM, gordon b slater wrote: On Mon, 2010-02-22 at 21:20 -0800, Dave CROCKER wrote: In general, a core problem with the Knesset law is that it presumes something that is viable for the phone infrastructure is equally - or at least tolerably - viable in the email infrastructure. Unfortunately, the details of the two are massively different in terms of architecture, service model, cost structures and operational skills. Good point Dave; for the mobile phone industry, number portability is an endpoint thing - no harder to change than a field in a billing/accounting database (the SIM#, keeping it very simple here), for email its a WHOLE lot more. And who runs this database? Local number portability requires a new database, one that didn't exist before, It's run by a neutral party and maps any phone number to a carrier and endpoint identifier. (In the US, that database is currently run by Neustar -- see http://www.neustar.biz/solutions/solutions-for/number-administration) Figuring out how such a solution would work with email is left as an exercise for the reader. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Email Portability Approved by Knesset Committee
On Mon, Feb 22, 2010 at 11:08:54AM -0500, James Jones wrote: On Mon, Feb 22, 2010 at 10:09 AM, Gadi Evron g...@linuxbox.org wrote: According to this proposed bill, when a client transfers to a different ISP the email address will optionally be his to take along, just like mobile providers do today with phone numbers. Why does this seem like a really bad idea? actually, i think its a great idea. now the ISPs will have an actual interest in shutting down and eliminating SPAM, as it would make little economic sense to be forwarding huge amounts of email around when the bulk of it is just gonna be discarded anyways. ( i'm half joking ) -- Jim Mercerj...@reptiles.org+92 336 520-4504 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going?
Re: Email Portability Approved by Knesset Committee
My initial reaction: Does the law in any way imply this mail address has to be provided for free? If you had spent 10 seconds with Google Translate on the URL in Gadi's message, you'd already know. (gosh that only took 12 hours to suggest) Obviously we're discussing a legal and regulatory system most of us here are unfamiliar with, there may be other considerations. But in the USofA a law like this would raise some serious trademark issues. When you manage a valuable trademark your lawyer lectures you about how a trademark has to represent a particular product of a particular quality or else a court can deem it invalid or even fraudulent. There are only two ways this sort of law is likely to be implemented: a) The original ISP continues to provide email for that address. b) Some other ISP provides that service. I suppose a third way, via a third party, is possible but I don't think that defuses the trademark issue. The exact mechanics are a different discussion. Since the first ISP is no longer being paid the practical solution seems to be (b), the original ISP cooperates and hands over service to the new provider somehow. But how can the original ISP be assured that email going out under what appears to be their mark (consider x...@aol.com or x...@msn.com) represents their product in any way the law requires? It would be a conflict and a potential dilution of one's mark. Particularly, as others have suggested, if that product implies availability, spam filtering, support, storage, recovery in the event of lost storage, TOS, etc. In contrast, a phone number has no such trademark implications for the provider, one generally doesn't say oh, 555-555-1234, an ATT phone number! Perhaps it's possible to know this, but it's not common knowledge, it doesn't generally represent the public's view of the ATT mark. I don't think the law would be workable in the US. I'd be surprised if the law doesn't run into similar problems in Israel. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
RE: Email Portability Approved by Knesset Committee
-Original Message- From: Barry Shein [mailto:b...@world.std.com] Sent: Tuesday, February 23, 2010 7:55 AM To: John Levine Cc: nanog@nanog.org Subject: Re: Email Portability Approved by Knesset Committee My initial reaction: Does the law in any way imply this mail address has to be provided for free? If you had spent 10 seconds with Google Translate on the URL in Gadi's message, you'd already know. (gosh that only took 12 hours to suggest) Obviously we're discussing a legal and regulatory system most of us here are unfamiliar with, there may be other considerations. But in the USofA a law like this would raise some serious trademark issues. When you manage a valuable trademark your lawyer lectures you about how a trademark has to represent a particular product of a particular quality or else a court can deem it invalid or even fraudulent. There are only two ways this sort of law is likely to be implemented: a) The original ISP continues to provide email for that address. b) Some other ISP provides that service. I suppose a third way, via a third party, is possible but I don't think that defuses the trademark issue. The exact mechanics are a different discussion. Since the first ISP is no longer being paid the practical solution seems to be (b), the original ISP cooperates and hands over service to the new provider somehow. But how can the original ISP be assured that email going out under what appears to be their mark (consider x...@aol.com or x...@msn.com) represents their product in any way the law requires? And now think about it with SPF records (and checks for SPF records). All outgoing mail should also go via the OLD provider. Including domainnames (for email) would be the solution for this. In other cases only (a) seems to be available. Maybe a payment between the old and new provider is the solution for it. How to do this if the old provider is stopping? It is a realistic possibility that they stop. It would be a conflict and a potential dilution of one's mark. Particularly, as others have suggested, if that product implies availability, spam filtering, support, storage, recovery in the event of lost storage, TOS, etc. Just mention that this law is above the other law regarding Trademarks and you will need to follow this law. What if a domain get listed because a new provider doesn't use a spam filter on outgoing messages, how to get delisted for the old provider? Some lists might be based on the from header in emails. In contrast, a phone number has no such trademark implications for the provider, one generally doesn't say oh, 555-555-1234, an ATT phone number! Perhaps it's possible to know this, but it's not common knowledge, it doesn't generally represent the public's view of the ATT mark. I don't think the law would be workable in the US. I'd be surprised if the law doesn't run into similar problems in Israel. Regards, Mark