Re: SORBS?!
On 07/04/12 05:11, David Miller wrote: RBLs don't block emails. Operators of mail servers who use RBLs block emails (in part) based on information from RBLs. If only one could convince end-users of this fact. More often than not, end-user simply sees the company that they pay to provide them with email service, unable to provide it. Noone has a right to send email to anyone else. Email is a cooperative agreement between sender and receiver. The receiver agrees to accept the email, but at any time and for any reason the receiver can stop agreeing to accept emails from a sender. It is completely legal to decide not to accept (i.e. block) emails from a sender. Absolutely true. Of course, for the vast majority of end-users, they're simply expecting to be able to exchange email with anyone that has an email address. There's no connection between the end user, their local mail service providers administrators, and the decisions they make about who they'll exchange email with. Nevermind trying to make connections between mail service providers... RBLs are not beholden to senders. RBLs are beholden to the receivers who use their RBL to preserve the quality of the RBL. RBLs are a meritocracy. If an RBL either lists too many valid senders or does not list enough bad senders, then receivers will notice and stop using the RBL on their servers. Or receivers will be oblivious, and simply not care. (They don't know what they're not receiving). Consider an MSP with say, 1 Million mailboxes. What proportion of those customers are going to need to be affected by a poor RBL-based decision, and what proportion of those are going to be motivated to complain, and what proportion of those are going to get the attention of the right people, and what proportion of those will count for enough that the relevant beancounters see fit to change their RBL usage? Whilst i'm sure there's some players out there bucking the trend, the reality is that the senders MSP wind up carrying a lot of the cost; they have to find an out-of-band method of engaging the receiving MSP, advising them of the predicament, and justifying some sort of exception; they also obviously have to be seen to try to get off the RBL (and we've seen how hard SORBS, notably, make this) and the receiving ISP can fall back on the 'well everyone else is fine, so the vast majority of our expected inbound email is fine, why should we care about you, and change our behavior because of it?' Sending MSP then has to try to explain the reality to their customer, and risk losing business because their competitor isn't (right now) having the same problems... Bottom of my rambly-line is that as a major point of issue with your post; you're posting the position of the Network or Mail Service Operator as it 'should' be, but not indeed how it actually is, in practise. (And FWIW I agree with the poster who pointed out that RBL's would be unnecessary if network operators took responsibility for the behavior of their networks (ala their customers). The small players are usually pretty damn good. It seems that the bigger you get, the less you care about issues that affect a smaller proportion of your scale. Which probably explains the attitude that several of the big players take around rejecting email due to obscure reasons... Mark.
Re: Question about peering
On 6 Apr 2012, at 20:11, Anurag Bhatia wrote: I am curious to know how small ISPs plan peering with other interested parties. snip Hi, It's not the precise answer you're probably after, but I found the Internet Peering Playbook (http://drpeering.net/core/buyTheBook.html) to be full of examples of the sort of question you've asked. Can't remember where I found out about it (so apologies if this isn't news to you), but it did answer _many_ of the questions I had. Cheers, jmi -- http://jamie.macisa.ac mailto ja...@macisa.ac mobile +44 7715 707078 gnupg 1024D/A9E61DBE
Re: SORBS?!
i dont think anyone would miss sorbs if it was gone, dare i say it not even a single person while i would not dispute what you think you think, i think you are thinking quite incorrectly randy
Re: The day SORBS goes away ...
Yahoo's personnel have long since demonstrated that (a) they couldn't possibly care less about the spam, phishing, and other forms of abuse that they're emanating, supporting or hosting on a systemic and chronic basis (b) they are incapable of recognizing their own users, hosts, and networks even when same are explicitly pointed out to them (c) under no circumstances will they take any prompt or effective action -- they will, however, repeatedly lie about it and/or pass on complainers' personal information to the abusers so that they can retaliate. ---rsk
Re: The day SORBS goes away ...
On Sat, 7 Apr 2012, Rich Kulawiec wrote: I recently had a similar run-in with another ISP unrelated to Yahoo. It involved a phishing site on one of their customers. Countless emails to their abuse@ email went unanswered. Then one day I bumped into their VP who was trying to sell me something. I asked him about why they apppear so high on Ironport Senderbase with a huge spam pool as well as phishing sites that are not taken down. His answer, which might mirror Yahoo's (or not), was that at a corporate level they decided to only handle issues like this via a court order. They did not think it appropriate to interfere with their customers data in any sort of way unless a court order told them to make it stop. Clearly, this is idiotic reasoning and only when others start blocking their IP ranges and DNS servers will they ever wake up. But when the ISP is big enough, they think no one will block them and if they do it will just be small cases and nothing massive that would make them into a 2nd league ISP. This therefore becomes a cost savings area since you no longer need any abuse staff to handle your customers. You just ignore it all. -Hank Yahoo's personnel have long since demonstrated that (a) they couldn't possibly care less about the spam, phishing, and other forms of abuse that they're emanating, supporting or hosting on a systemic and chronic basis (b) they are incapable of recognizing their own users, hosts, and networks even when same are explicitly pointed out to them (c) under no circumstances will they take any prompt or effective action -- they will, however, repeatedly lie about it and/or pass on complainers' personal information to the abusers so that they can retaliate. ---rsk
Re: The day SORBS goes away ...
On Sat, Apr 07, 2012 at 08:33:10PM +0300, Hank Nussbacher wrote: On Sat, 7 Apr 2012, Rich Kulawiec wrote: Clearly, this is idiotic reasoning and only when others start blocking their IP ranges and DNS servers will they ever wake up. But how idiotic is it? Do you have all Yahoo IP space and domains blocked on your mail server? How many mailboxes does that cover? What percentage of Yahoo's daily e-mail volume are you blocking, and how much of a rat's arse do you think Yahoo cares? I think you can see where I'm going with this. It's only idiotic reasoning if it doesn't work, and so far as I can see, it's working just great -- there are effectively service providers who are too big to fai^Wblock, and so they get away with things that everyone else would only dream of. They do care about the almighty buck more than the 'net, but I'd say that almost all of us do, because almost none of us are willing to take the plunge and block Yahoo and other giant providers of spam and other abuse. (For the record, I'm in this camp, too -- I'm not willing to lose my job -- my almighty buck -- for taking the step of blocking Yahoo, so I'm not any sort of trailblazer along this path). To anyone out there who is blocking Yahoo, and is big enough for them to take notice, bravo to you! Speak up, tell the world what you're doing, and it might give the rest of us the courage and the precedent to do the same. - Matt -- A friend is someone you can call to help you move. A best friend is someone you can call to help you move a body.
Re: Question about peering
Actually, Suresh, I disagree. It depends on the facility/country/continent, the cost of joining the local IX fabric at a reasonable bandwidth, your cost model, and your transit costs. In short, it's not 1999 anymore, and peering is not automatically the right answer from a purely fiscal perspective (though it may be from a technical perspective; see below). At certain IXes that have a perfect storm of high priced ports and a good assortment of carriers with sufficiently high quality service and aggressive pricing, a good negotiator can fairly easily find himself in a position where the actual cost per megabit of traffic moved on peered bandwidth exceeds the cost of traffic moved on transit _by an order of magnitude_. That's without even factoring in the (low) maintenance cost of having a bunch of BGP sessions around or upgraded routers or whatever. Sometimes making the AS path as short as possible makes a lot of sense (e.g. when trying to get an anycast network to do the right thing), but assumptions that peering results in lower costs are less true every day. -r Suresh Ramasubramanian ops.li...@gmail.com writes: what does it cost you to peer, versus what does it cost you to not peer? if you are at the same ix the costs of peering are very low indeed On Saturday, April 7, 2012, Anurag Bhatia wrote: Hello everyone I am curious to know how small ISPs plan peering with other interested parties. E.g if ISP A is connected to ISP C via big backbone ISP B, and say A and C both have open peering policy and assuming the exist in same exchange or nearby. Now at this point is there is any minimum bandwidth considerations? Say if A and C have 1Gbps + of flowing traffic - very likely peering would be good idea to save transit costs to B. But if A and C have very low levels - does it still makes sense? Does peering costs anything if ISPs are in same exchange? Does at low traffic level it makes more sense to keep on reaching other ISPs via big transit provider? Thanks. -- Anurag Bhatia anuragbhatia.com or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected network! Twitter: @anurag_bhatia https://twitter.com/#!/anurag_bhatia Linkedin: http://linkedin.anuragbhatia.com -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: Question about peering
On Sat, Apr 07, 2012 at 06:16:30PM -0400, Robert E. Seastrom wrote: Sometimes making the AS path as short as possible makes a lot of sense (e.g. when trying to get an anycast network to do the right thing), but assumptions that peering results in lower costs are less true every day. I keep reading people say that. But wouldn't the same forces that push down the per-megabit cost of transit also push down the per-megabit cost of peering?
Re: The day SORBS goes away ...
Something I'm considering is just limiting the max size of an email from Yahoo severely, enough to say I've changed my address from yahoo to ___. We get pounded day and night with multimegabyte (per each) spam emails from them. Yahoo isn't the only one but the most frequent. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: Question about peering
Luke S. Crawford l...@prgmr.com writes: On Sat, Apr 07, 2012 at 06:16:30PM -0400, Robert E. Seastrom wrote: Sometimes making the AS path as short as possible makes a lot of sense (e.g. when trying to get an anycast network to do the right thing), but assumptions that peering results in lower costs are less true every day. I keep reading people say that. But wouldn't the same forces that push down the per-megabit cost of transit also push down the per-megabit cost of peering? Generally the costs of transit are pushed down by competition. As a vendor your costs for bandwidth/transport/port*bw may drop but you are unlikely to drop your prices to your customers merely because your costs have gone down unless prompted to by a competitor. In any given IX, cross-connect fibers and peering switch ports are often a monopoly. While not unheard-of for there to be two competing IX switch fabrics available in a single facility, the cross-connects to those competing exchanges are not free, and I'm not aware of any sizeabe facilities that are still run your own XC and don't pay anyone for it (of course, as soon as I say that I'll get private email or an IRC message pointing out the corner case). Consider the case of a peering n00b network (the target of this discussion after all) in hypothetical facility that charges $1000/month for a gigabit ethernet port on the peering fabric. You turn up a connection to this port and discover that (without buying people drinks / sushi dinners / etc at a conference) you can bring up enough peering with other networks to move 150 Mbit/sec on it. That's pretty optimistic for a small player, but still... now you're paying $6.66/mbit for that transit. If you can move 150 Mbit/sec to low-hanging-fruit transit you're probably between 1 and 2gbps total. How's that compare with what you're paying for transit with that level of commit? -r
Re: The day SORBS goes away ...
On Apr 7, 2012, at 6:35 PM, Barry Shein wrote: Something I'm considering is just limiting the max size of an email from Yahoo severely, enough to say I've changed my address from yahoo to ___. We get pounded day and night with multimegabyte (per each) spam emails from them. Yahoo isn't the only one but the most frequent. As for Yahoo, the problem will probably go away on its own over time. The problem with companies that are in questionable/bad financial shape is that they defund many activities that do not seem important but actually are. These, such as abuse handling, will actually cause them to increase their spiral down by causing more customers away. Another item of interest is that Yahoo says they will only accept ARF (RFC-5965) reports to abuse@ However, they reject all ARF abuse reports just like the plain text ones. So much for standards support As an aside, one can not/will not/may not block all their mailservers but I would suggest blocking all mail that contains their shortener, y.ahoo.it. It is highly abused and they don't respond to abuse reports on it either. Its a real shame that the original high quality search engine/company that everyone aspired to be on has fallen so far both financially and in quality. As for SORBS, most competent mail admins dropped its use a long time ago. I thought when Proofpoint took it over things would change (I actually thought they would dump the SORBS name because of bad karma) but it hasn't happened.
Re: Question about peering
wouldn't the same forces that push down the per-megabit cost of transit also push down the per-megabit cost of peering? at some point in the race to the bottom, the cost of a port plus the opex to maintain a peer becomes a significant factor. randy
Re: Question about peering
On Sat, Apr 07, 2012 at 07:25:24PM -0400, Robert E. Seastrom wrote: Generally the costs of transit are pushed down by competition. As a vendor your costs for bandwidth/transport/port*bw may drop but you are unlikely to drop your prices to your customers merely because your costs have gone down unless prompted to by a competitor. ah, so it's not the cost of production that is the problem, it is the 'natural monopoly' state of an IX that is the problem. It seems like that problem could be overcome by making the IX a cooperative owned by the members, maybe? Consider the case of a peering n00b network (the target of this discussion after all) in hypothetical facility that charges $1000/month for a gigabit ethernet port on the peering fabric. You I am in almost that exact position (A peering n00b network) - Of couse, I'm fairly certain I'm paying sucker prices, but I can get a gigE to any2 at 55 s market for less than a third the price you quote. just a data point.
Re: Question about peering
It seems like that problem could be overcome by making the IX a cooperative owned by the members, maybe? Even if an IX is a cooperative, that doesn't say anything about their costs and the costs of interconnection. Networks and buildings and cross-connects can get cheap for lots of reasons, but the nature of the ownership isn't really a factor. Cooperatives can be as poorly run or have as high costs as any commercial facility. In fact, you could argue that without some cross-subsidy of co-lo or one of the providers 'donating' space, a small cooperative is likely to be more expensive to put together than a large colo facility that has lots of revenue streams. Or you could argue the opposite. I'm just pointing out that motivation and ownership don't necessarily dictate final costs. That being said... I am in almost that exact position (A peering n00b network) - Of couse, I'm fairly certain I'm paying sucker prices, but I can get a gigE to any2 at 55 s market for less than a third the price you quote. Well, bully for you, but at this very instant I'm looking at a contract from PCCW which has a component of a cross-connect in Telecity London (Harbour Exchange) where the cross-connect has been priced out at USD 2400/month (maybe that also includes 1U of space; it's hard to tell). I do understand that this is NANOG with emphasis on the NA part, and so costs in other geographies may not be all that interesting, but some facilities do charge an arm and a leg (or maybe PCCW is screwing us over on the proposal). jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 j...@opus1.comhttp://www.opus1.com/jms
Re: Question about peering
Luke S. Crawford l...@prgmr.com writes: On Sat, Apr 07, 2012 at 07:25:24PM -0400, Robert E. Seastrom wrote: Generally the costs of transit are pushed down by competition. As a vendor your costs for bandwidth/transport/port*bw may drop but you are unlikely to drop your prices to your customers merely because your costs have gone down unless prompted to by a competitor. ah, so it's not the cost of production that is the problem, it is the 'natural monopoly' state of an IX that is the problem. It seems like that problem could be overcome by making the IX a cooperative owned by the members, maybe? The whole datacenter? Consider the case of a peering n00b network (the target of this discussion after all) in hypothetical facility that charges $1000/month for a gigabit ethernet port on the peering fabric. You I am in almost that exact position (A peering n00b network) - Of couse, I'm fairly certain I'm paying sucker prices, but I can get a gigE to any2 at 55 s market for less than a third the price you quote. just a data point. You might want to analyze peering opportunities there: https://www.peeringdb.com/private/facility_view.php?id=20peerParticipantsPrivatesPage=1 and get some netflow data out of your own network to see just how much traffic you're sending there. Fairly easy to do with only 34 participants. Excel Will Tell You What To Do (tm vgill) -r
Re: Question about peering
fair enough. i was thinking smaller and more localized exchanges rather than the big ones --srs (iPad) On 08-Apr-2012, at 3:46, Robert E. Seastrom r...@seastrom.com wrote: Actually, Suresh, I disagree. It depends on the facility/country/continent, the cost of joining the local IX fabric at a reasonable bandwidth, your cost model, and your transit costs. In short, it's not 1999 anymore, and peering is not automatically the right answer from a purely fiscal perspective (though it may be from a technical perspective; see below). At certain IXes that have a perfect storm of high priced ports and a good assortment of carriers with sufficiently high quality service and aggressive pricing, a good negotiator can fairly easily find himself in a position where the actual cost per megabit of traffic moved on peered bandwidth exceeds the cost of traffic moved on transit _by an order of magnitude_. That's without even factoring in the (low) maintenance cost of having a bunch of BGP sessions around or upgraded routers or whatever. Sometimes making the AS path as short as possible makes a lot of sense (e.g. when trying to get an anycast network to do the right thing), but assumptions that peering results in lower costs are less true every day. -r Suresh Ramasubramanian ops.li...@gmail.com writes: what does it cost you to peer, versus what does it cost you to not peer? if you are at the same ix the costs of peering are very low indeed On Saturday, April 7, 2012, Anurag Bhatia wrote: Hello everyone I am curious to know how small ISPs plan peering with other interested parties. E.g if ISP A is connected to ISP C via big backbone ISP B, and say A and C both have open peering policy and assuming the exist in same exchange or nearby. Now at this point is there is any minimum bandwidth considerations? Say if A and C have 1Gbps + of flowing traffic - very likely peering would be good idea to save transit costs to B. But if A and C have very low levels - does it still makes sense? Does peering costs anything if ISPs are in same exchange? Does at low traffic level it makes more sense to keep on reaching other ISPs via big transit provider? Thanks. -- Anurag Bhatia anuragbhatia.com or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected network! Twitter: @anurag_bhatia https://twitter.com/#!/anurag_bhatia Linkedin: http://linkedin.anuragbhatia.com -- Suresh Ramasubramanian (ops.li...@gmail.com)