--On 18 October 2006 14:05:54 +0100 Andrew - Supernews
<[EMAIL PROTECTED]> wrote:
>
> And callout does NOT HELP THIS AT ALL, since the spammers are quite
> happy to use sender addresses that exist.
Yes, they are. But really, they don't care whether they exist or not. It's
easier for them to j
On 10/18/06, Dave Lugo <[EMAIL PROTECTED]> wrote:
> RCPT TO callouts are now bearing the burden doing something they
> weren't designed for.
Agreed, but things like SPF/CALLERID/DK/... are not yet to the point
(deployment-wise) where they can take over.
> After hearing of friends' vanity domains
On Oct 18, 2006, at 12:11 PM, Marc Sherman wrote:
> Chad Leigh -- Shire.Net LLC wrote:
>>
>> Yes it is. If someone provides email services, they accept the
>> responsibility for that email address and accept responsibility for
>> their servers being set up according to RFCs. If a provider suppo
On Oct 18, 2006, at 5:55 AM, Andrew - Supernews wrote:
>> "David" == David Saez Padros <[EMAIL PROTECTED]> writes:
>
>>> In the best case (when there isn't a specific spammer actively
>>> forging just our domain) we see about 100 times as many abusive
>>> callouts (ones not in response to mai
Marc Sherman wrote:
> W B Hacker wrote:
>
>>300+ /sec, yet 50% of the traffic was on ONE connection?
>>
>>Dunno if it is your arithmetic, veracity, or understanding of how to
>>configure
>>an MTA that is lacking - perhaps all of the above.
>
>
> Bill, you've got to try to start reading more c
On Oct 17, 2006, at 6:30 PM, Dean Brooks wrote:
> On Wed, Oct 18, 2006 at 12:15:36AM +0100, Andrew - Supernews wrote:
>>> "Renaud" == Renaud Allard <[EMAIL PROTECTED]> writes:
>>
>> Renaud> In a perfect world we would need neither callouts neither
>> Renaud> blacklists as people wouldn't se
On Oct 17, 2006, at 6:30 PM, Dean Brooks wrote:
> On Wed, Oct 18, 2006 at 12:15:36AM +0100, Andrew - Supernews wrote:
>>> "Renaud" == Renaud Allard <[EMAIL PROTECTED]> writes:
>>
>> Renaud> In a perfect world we would need neither callouts neither
>> Renaud> blacklists as people wouldn't se
Chad Leigh -- Shire.Net LLC wrote:
>
> Yes it is. If someone provides email services, they accept the
> responsibility for that email address and accept responsibility for
> their servers being set up according to RFCs. If a provider supports
> email addresss [EMAIL PROTECTED] then part of
On Wed, 18 Oct 2006, Chad Leigh -- Shire.Net LLC wrote:
>
> Yes it is. If someone provides email services, they accept the
> responsibility for that email address and accept responsibility for
> their servers being set up according to RFCs. If a provider supports
> email addresss [EMAIL PROTECTED
On Oct 17, 2006, at 5:15 PM, Andrew - Supernews wrote:
>> "Renaud" == Renaud Allard <[EMAIL PROTECTED]> writes:
>
> Ian> but my sender verification callouts don't fill mailboxes or
> Ian> server queues. And, they do stop lots of spam.
>
>>> Only at the expense of others, which isn't accepta
On Oct 17, 2006, at 2:33 PM, Andrew - Supernews wrote:
>> "Ian" == Ian Eiloart <[EMAIL PROTECTED]> writes:
>
> Ian> 3. People using sender verification callouts. They seem to think
> Ian> it's as bad as sending email,
>
> Because ultimately it is.
>
> Ian> but my sender verification callou
On Oct 17, 2006, at 12:04 PM, Zbigniew Szalbot wrote:
> Hello,
>
> On Tue, 17 Oct 2006, Chris Edwards wrote:
>
>> The classic DNSBL argument! Assuming they are muppets, they will
>> ultimately be ignored, with few mail admins using them to block. If
>> however enough mail admins are using them
W B Hacker wrote:
>
> 300+ /sec, yet 50% of the traffic was on ONE connection?
>
> Dunno if it is your arithmetic, veracity, or understanding of how to
> configure
> an MTA that is lacking - perhaps all of the above.
Bill, you've got to try to start reading more carefully. 300+
connections per
Hi !!
> I will just throw in a non-SMTP solution here
>
> If you treat this sudden peak in traffic hitting your servers as a DDOS to
> your infrastructure then the best place to stop it is at the ingress to your
> network. So you have the firewall do one or more of a number of things
>
> Limit
Hi !!
> 1) Some spammer (not anywhere near our network) sends out hundreds of
> millions of spams using random forged addresses at our domain as the
> envelope sender. These are all sent using the usual compromised
> enduser hosts. (I've seen indications that some spammers do this
> routinely,
Hi !!
> David> well, i had to say that we reject more than 99.99% of the
> David> connections received
>
> If you get any real mail at all, then that is nonsense
this is just a way to tell that we are continuosly rejecting mails
(from 300k to 1M per day) while we get only a residual number of
Hi !!
> David> and you are missing one very important point, current smtp
> David> schema is by itself insecure, there is no widely spread way to
> David> check that the sender has relaly sent the message.
>
> And callout does NOT HELP THIS AT ALL, since the spammers are quite
> happy to use s
> "Hill" == Hill Ruyter <[EMAIL PROTECTED]> writes:
Hill> Hi
Hill> I will just throw in a non-SMTP solution here
I'm guessing you've not experienced this yourself.
Hill> If you treat this sudden peak in traffic hitting your servers
Hill> as a DDOS to your infrastructure then the best pla
AIL PROTECTED]>
To: "exim users"
Sent: Wednesday, October 18, 2006 3:14 PM
Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
>>>>>> "W" == W B Hacker <[EMAIL PROTECTED]> writes:
>
> >> That 99.99% peak figure was reache
>>
>>
>>
>>>Anyone who has run a very active mail server will tell you that
>>>callouts can use *enormous* amounts of resources if amplified
>>>appropriately.
>>>
>>>
>>>
>>does this ever happen ??
>>
>>
>>
>
>Nope - it's totally bullshit.
>
>
>
Where bullshit means, "
> "W" == W B Hacker <[EMAIL PROTECTED]> writes:
[text including the phrase "blowback of all forms"]
W> Am I misreading something, or did you just indicate that a
W> (hopefully rare!) defect in one of your *own* hosting servers
W> cause *your own* MX the grief?
>> Where on earth did you
Andrew - Supernews wrote:
>>"W" == W B Hacker <[EMAIL PROTECTED]> writes:
>
>
> >> That 99.99% peak figure was reached here during a period of a few
> >> hours during which we received more than _10 million_ connection
> >> attempts caused by blowback of all forms, at a domain used only b
On 18 Oct 2006, at 16:18, Renaud Allard wrote:
>
>
> Stuart Gall wrote:
>
>>
>> Or put it another way
>> is there some way I can create a whitelist of all successful outgoing
>> envelope to's so that I can use it in the rcpt acl
>>
>
> Of course there is.
What is that? so far from David I have a
On 18 Oct 2006, at 16:04, David Saez Padros wrote:
> Hi !!
>
>> You would not fill their mail boxes, the dsn would be rejected
>> after rcpt to: so in fact the session would be indistinguishable
>> from a callout.
>> except you will probably retry.
>
> then doing a callout is the same as bo
--On 18 October 2006 13:34:50 +0100 Andrew - Supernews
<[EMAIL PROTECTED]> wrote:
>
> (I say "perceived" because I am skeptical about the proportion of spam
> that actually fails callout verification.)
>
As a quick snapshot, one of my four MX hosts has rejected 41,000 messages
today, of which
David Saez Padros wrote:
> Hi !!
>
>
>>> None of this is true for callouts. We are forced to expend server
>>> resources in handling callouts. Our ability to receive our own
>>> email is impaired by other people's use of callout verification.
>>> (How well would your mailserver stand up to rec
> "W" == W B Hacker <[EMAIL PROTECTED]> writes:
>> That 99.99% peak figure was reached here during a period of a few
>> hours during which we received more than _10 million_ connection
>> attempts caused by blowback of all forms, at a domain used only by
>> a handful of staff which normall
David Saez Padros wrote:
> Hi !!
>
>
>> Anyone who has run a very active mail server will tell you that
>> callouts can use *enormous* amounts of resources if amplified
>> appropriately.
>>
>
> does this ever happen ??
>
Nope - it's totally bullshit.
--
## List details at http://www
David Saez Padros wrote:
> Hi !!
>
>
>> Spam is bad because it is the use of other people's resources without
>> permission.
>>
>> Trying to block spam by using other people's resources without
>> permission is just as bad as sending spam.
>>
>
> Does anyone have real statistics about tha
Jack Bailey wrote:
>> None of this is true for callouts. We are forced to expend server
>> resources in handling callouts. Our ability to receive our own
>> email is impaired by other people's use of callout verification.
>> (How well would your mailserver stand up to receiving four orders
>> of
Andrew - Supernews wrote:
>>"W" == W B Hacker <[EMAIL PROTECTED]> writes:
>
>
> W> Because, dear David, not ONE DAMN BIT of this whole smtp shebang
> W> works if we DO NOT try to help each other within commonly agreed
> W> channels!
>
> I assume you're addressing me, not David.
Correct!
> "David" == David Saez Padros <[EMAIL PROTECTED]> writes:
>> But you're forcing me to devote _my_ resources to protecting
>> _your_ network. How is this not abusive?
David> First, i'm not only protecting my network, i'm also protecting
David> your domain from people who try to send email
Stuart Gall wrote:
>
> Or put it another way
> is there some way I can create a whitelist of all successful outgoing
> envelope to's so that I can use it in the rcpt acl
>
Of course there is. But what if the mail account has been disabled
afterwards? How would you remove mailboxes that don't
On Wed, 18 Oct 2006, Ian Eiloart wrote:
>
> So, if I stopped doing callouts, and chose to bounce spam instead, that
> wouldn't be a backward step? You'd be no more unhappy for me to fill your
> mailboxes with bounced spam than you are about my callouts?
>
You _could_ instead reject at end-of-DATA.
> "W" == W B Hacker <[EMAIL PROTECTED]> writes:
W> Because, dear David, not ONE DAMN BIT of this whole smtp shebang
W> works if we DO NOT try to help each other within commonly agreed
W> channels!
I assume you're addressing me, not David.
What is "commonly agreed" about sender-verificatio
Andrew - Supernews wrote:
>>"David" == David Saez Padros <[EMAIL PROTECTED]> writes:
*snip*
>
> That 99.99% peak figure was reached here during a period of a few
> hours during which we received more than _10 million_ connection
> attempts caused by blowback of all forms, at a domain used on
Stuart Gall wrote:
> On 18 Oct 2006, at 11:46, Renaud Allard wrote:
>
>
>>Indeed, but, as mentioned before, some will argue that if the spf is
>>false you have no right to use their resources to verify things as
>>it is
>>probably a spam. And if spf != pass && spf != false (IE: not defined)
>>
> "David" == David Saez Padros <[EMAIL PROTECTED]> writes:
>> You trimmed out the words "in the best case". i.e. the minimum
>> value seen recently is 10%, the average (mean) over a period of a
>> couple of years is 90-95%, and the maximum is 99.99%.
David> well, i had to say that we reje
Andrew - Supernews wrote:
>>"David" == David Saez Padros <[EMAIL PROTECTED]> writes:
>
>
> >> In the best case (when there isn't a specific spammer actively
> >> forging just our domain) we see about 100 times as many abusive
> >> callouts (ones not in response to mail we sent) as
> >> l
Hi !!
> You would not fill their mail boxes, the dsn would be rejected after
> rcpt to: so in fact the session would be indistinguishable from a
> callout.
> except you will probably retry.
then doing a callout is the same as bouncing except that with the
callout the first message is not rece
On Wed, Oct 18, 2006 at 02:40:31PM +0200, Renaud Allard wrote:
> Andrew - Supernews wrote:
[...]
> > (I say "perceived" because I am skeptical about the proportion of spam
> > that actually fails callout verification.)
> >
>
> The proportion of spam that actually fails callout verification va
On 18 Oct 2006, at 13:42, Ian Eiloart wrote:
>
>
> --On 17 October 2006 21:33:42 +0100 Andrew - Supernews
> <[EMAIL PROTECTED]> wrote:
>
>>> "Ian" == Ian Eiloart <[EMAIL PROTECTED]> writes:
>>
>> Ian> 3. People using sender verification callouts. They seem to
>> think
>> Ian> it's as bad
Andrew - Supernews wrote:
>
> (I say "perceived" because I am skeptical about the proportion of spam
> that actually fails callout verification.)
>
The proportion of spam that actually fails callout verification varies
from 10% to 99.99% during peaks...
smime.p7s
Description: S/MIME Cryptog
> "Ian" == Ian Eiloart <[EMAIL PROTECTED]> writes:
Ian> So, if I stopped doing callouts, and chose to bounce spam
Ian> instead, that wouldn't be a backward step?
>> False dichotomy. You're not being forced to do either.
Ian> It's not a false dichotomy. I'm just trying to make you think
Hi !!
> One thing exim should probably do or at least have the facility to do
> is add all successful outgoing addresses to the callout cache.
>
> Or put it another way
> is there some way I can create a whitelist of all successful outgoing
> envelope to's so that I can use it in the rcpt acl
Hi !!
> David> looks like you have misspelled something ... blowback
> David> connections could be 10% or 90-95% but not both together (if i
> David> didn't miss anything)
>
> You trimmed out the words "in the best case". i.e. the minimum value
> seen recently is 10%, the average (mean) over a
On 18 Oct 2006, at 11:46, Renaud Allard wrote:
> Indeed, but, as mentioned before, some will argue that if the spf is
> false you have no right to use their resources to verify things as
> it is
> probably a spam. And if spf != pass && spf != false (IE: not defined)
> you still have no right t
Hi !!
> David> what you perceive as abusive callouts are protective in my
> David> point of view.
>
> But you're forcing me to devote _my_ resources to protecting _your_
> network. How is this not abusive?
First, i'm not only protecting my network, i'm also protecting your
domain from people w
Hi !!
> SPF is fairly useless, most companies will have employees traveling
> and using different SMTP servers. I use smtp auth for all my clients
> but even then I have come across hotels that have installed
> transparent SMTP proxies and so the user has to turn smtp auth off
> and use th
--On 18 October 2006 12:37:56 +0100 Andrew - Supernews
<[EMAIL PROTECTED]> wrote:
>> "Ian" == Ian Eiloart <[EMAIL PROTECTED]> writes:
>
> Ian> 3. People using sender verification callouts. They seem to think
> Ian> it's as bad as sending email,
>
> >> Because ultimately it is.
>
> Ian>
> "David" == David Saez Padros <[EMAIL PROTECTED]> writes:
>> .. and about 10% of our
>> incoming SMTP connections are from blowback sources (callouts, C/R and
>> bounce blowback - we can't reliably distinguish them).
>>
>> ...
>>
>> Averaged over the past couple of years, counting al
--On 18 October 2006 13:37:02 +0200 David Saez Padros <[EMAIL PROTECTED]> wrote:
>
>> Averaged over the past couple of years, counting all connections that
>> got as far as RCPT TO, _at least_ 90-95% of connections were caused by
>> blowback (i.e. 10 to 20 blowback connections for every real one
> "David" == David Saez Padros <[EMAIL PROTECTED]> writes:
>> In the best case (when there isn't a specific spammer actively
>> forging just our domain) we see about 100 times as many abusive
>> callouts (ones not in response to mail we sent) as
>> legitimate/excusable callouts (ones cause
--On 18 October 2006 14:45:07 +0300 Stuart Gall <[EMAIL PROTECTED]> wrote:
>
>> Just throwing in my opinion here, but I totally agree with Andrew on
>> this one. Sender verification callouts without first ensuring the
>> sender is sourcing from an authorized host (via SPF or other means) is
>>
--On 18 October 2006 12:21:43 +0100 Chris Lightfoot <[EMAIL PROTECTED]>
wrote:
>
>> Except in violation of their terms of use. Presumably that means that
>> you can't use it in violation of their SPF policy.
>
> it's not obvious to me that a contract written between me
> and an ISP could preve
On 18 Oct 2006, at 03:30, Dean Brooks wrote:
> On Wed, Oct 18, 2006 at 12:15:36AM +0100, Andrew - Supernews wrote:
>>> "Renaud" == Renaud Allard <[EMAIL PROTECTED]> writes:
>>
>> Renaud> In a perfect world we would need neither callouts neither
>> Renaud> blacklists as people wouldn't send
Hi !!
> .. and about 10% of our
> incoming SMTP connections are from blowback sources (callouts, C/R and
> bounce blowback - we can't reliably distinguish them).
>
> ...
>
> Averaged over the past couple of years, counting all connections that
> got as far as RCPT TO, _at least_ 90-95% of conne
> "Ian" == Ian Eiloart <[EMAIL PROTECTED]> writes:
Ian> 3. People using sender verification callouts. They seem to think
Ian> it's as bad as sending email,
>> Because ultimately it is.
Ian> So, if I stopped doing callouts, and chose to bounce spam
Ian> instead, that wouldn't be a backw
Hi !!
> David> Does anyone have real statistics about that suposed resource
> David> abuse ?
>
> What sort of statistics do you want?
>
> In the best case (when there isn't a specific spammer actively forging
> just our domain) we see about 100 times as many abusive callouts (ones
> not in res
On Wed, Oct 18, 2006 at 12:07:08PM +0100, Ian Eiloart wrote:
> --On 18 October 2006 09:53:10 +0100 Chris Lightfoot <[EMAIL PROTECTED]>
> wrote:
[...]
> >>Indeed, but, as mentioned before, some will argue that if the spf is
> >>false you have no right to use their resources to verify things as
> "David" == David Saez Padros <[EMAIL PROTECTED]> writes:
>> Spam is bad because it is the use of other people's resources
>> without permission.
>>
>> Trying to block spam by using other people's resources without
>> permission is just as bad as sending spam.
David> Does anyone have
--On 18 October 2006 09:53:10 +0100 Chris Lightfoot <[EMAIL PROTECTED]>
wrote:
>
>>
>> Indeed, but, as mentioned before, some will argue that if the spf is
>> false you have no right to use their resources to verify things as it is
>> probably a spam. And if spf != pass && spf != false (IE: no
--On 18 October 2006 10:46:49 +0200 Renaud Allard <[EMAIL PROTECTED]>
wrote:
>
> Indeed, but, as mentioned before, some will argue that if the spf is
> false you have no right to use their resources to verify things as it is
> probably a spam. And if spf != pass && spf != false (IE: not define
--On 18 October 2006 09:41:32 +0200 Renaud Allard <[EMAIL PROTECTED]>
wrote:
> Verizon also recommends to use
> another email provider if you really want to send mails... How amazing...)
Not if they're an ISP. In that case, it's just sensible advice. Most ISPs
provide free email to lock you i
--On 17 October 2006 21:33:42 +0100 Andrew - Supernews
<[EMAIL PROTECTED]> wrote:
>> "Ian" == Ian Eiloart <[EMAIL PROTECTED]> writes:
>
> Ian> 3. People using sender verification callouts. They seem to think
> Ian> it's as bad as sending email,
>
> Because ultimately it is.
So, if I stop
--On 17 October 2006 20:04:54 +0200 Zbigniew Szalbot
<[EMAIL PROTECTED]> wrote:
>
> And has it? I was blocked NOT because I bouced viruses, NOT because I
> used callouts and NOT because I spew spam (which I haven't) but only
> because they - as many other similar thoughtless RBL folks - have
On Wed, Oct 18, 2006 at 11:17:22AM +0100, Ian Eiloart wrote:
>
>
> --On 17 October 2006 18:10:26 +0100 David Woodhouse <[EMAIL PROTECTED]>
> wrote:
>
> > On Tue, 2006-10-17 at 16:09 +0100, Ian Eiloart wrote:
> >> 1. People who bounce viruses with warning messages (actually, that's
> >> fine).
>
--On 18 October 2006 02:20:39 +0300 Stuart Gall <[EMAIL PROTECTED]> wrote:
> On 17 Oct 2006, at 18:09, Ian Eiloart wrote:
>
>>> TXT= "Net 83.19.0.0/16 is Level 3 listed at UCEPROTECT-Network. See
>>> http://www.uceprotect.net/en/index.php?m=7&s=8";
>>
>> To be fair, they do recommend that users
--On 17 October 2006 18:10:26 +0100 David Woodhouse <[EMAIL PROTECTED]>
wrote:
> On Tue, 2006-10-17 at 16:09 +0100, Ian Eiloart wrote:
>> 1. People who bounce viruses with warning messages (actually, that's
>> fine).
>
> It's not fine to _bounce_ them -- they should be rejected. Generating
> bo
Chris Lightfoot wrote:
> This is a misconception. the fact that, say, a large ISP
> publishes SPF records for some set of machines does not
> mean that their customers may not send mail via other
> servers. If I pay, say, AOL cash money for an AOL email
> address, I'm entitled to use it however
Hi !!
> Indeed, but, as mentioned before, some will argue that if the spf is
> false you have no right to use their resources to verify things as it is
> probably a spam.
this is right if the domain publishes spf, but not if it does not use
spf. Anyway, others could also argue that as the return
On Wed, Oct 18, 2006 at 10:46:49AM +0200, Renaud Allard wrote:
> David Saez Padros wrote:
[ attribution lost ]
> >> That's probably better to actually _do_ callout when spf=pass, because
> >> you are "sure" that one the authorized IPs for the domain has sent the
> >> mail, so you have rights to
David Saez Padros wrote:
> Hi !!
>
>> That's probably better to actually _do_ callout when spf=pass, because
>> you are "sure" that one the authorized IPs for the domain has sent the
>> mail, so you have rights to verify the address exists.
>
> yes, but then the tested address is likely to exis
Hi !!
> That's probably better to actually _do_ callout when spf=pass, because
> you are "sure" that one the authorized IPs for the domain has sent the
> mail, so you have rights to verify the address exists.
yes, but then the tested address is likely to exist so the callout will
almost always su
David Saez Padros wrote:
> all of this drives to no place ... wouldn't it be more practical to
> recommend good callout practices ? in fact callouts are probably more
> expensive at the sending side that at the receiving side so it's good
> for both sides to reduce it's use to the minimum. Not d
Hi !!
>> None of this is true for callouts. We are forced to expend server
>> resources in handling callouts. Our ability to receive our own
>> email is impaired by other people's use of callout verification.
>> (How well would your mailserver stand up to receiving four orders
>> of magnitude more
> None of this is true for callouts. We are forced to expend server
> resources in handling callouts. Our ability to receive our own
> email is impaired by other people's use of callout verification.
> (How well would your mailserver stand up to receiving four orders
> of magnitude more connection
Hi !!
> Anyone who has run a very active mail server will tell you that
> callouts can use *enormous* amounts of resources if amplified
> appropriately.
does this ever happen ??
> Denial of service would be very easy with only a few
> sites doing callbacks and an agressive forger. The only reas
Hi !!
> Spam is bad because it is the use of other people's resources without
> permission.
>
> Trying to block spam by using other people's resources without
> permission is just as bad as sending spam.
Does anyone have real statistics about that suposed resource abuse ?
I have never seen in ye
> There are always enough mail admins out there who are stupid or lazy
> enough to use any given blacklist [...] if it's marketed well,
Doesn't have to be marketed well. I run a blacklist at $DAYJOB that's a
composite of lots of different regional blacklists based on countries where
we have no bus
On Wed, Oct 18, 2006 at 12:15:36AM +0100, Andrew - Supernews wrote:
> > "Renaud" == Renaud Allard <[EMAIL PROTECTED]> writes:
>
> Renaud> In a perfect world we would need neither callouts neither
> Renaud> blacklists as people wouldn't send spam in the first
> Renaud> place. But we are not
On 17 Oct 2006, at 18:09, Ian Eiloart wrote:
>> TXT= "Net 83.19.0.0/16 is Level 3 listed at UCEPROTECT-Network. See
>> http://www.uceprotect.net/en/index.php?m=7&s=8";
>
> To be fair, they do recommend that users don't block at level 3.
Blocking the whole class B network is highly unlikely to be
> "Renaud" == Renaud Allard <[EMAIL PROTECTED]> writes:
Ian> but my sender verification callouts don't fill mailboxes or
Ian> server queues. And, they do stop lots of spam.
>> Only at the expense of others, which isn't acceptable.
Renaud> In a perfect world we would need neither callouts
On 17 Oct 2006, at 14:41, UCEPROTECT-Network Blacklistmaster of the
day wrote:
> As we explained on our website, we consider callouts abusive,
> because they
> can make your system part of an ddos against others.
>
> If someone claimes to be [EMAIL PROTECTED] and sends out some million
> sp
On Tue, 2006-10-17 at 18:51 +0100, Chris Edwards wrote:
> I think Ian meant listing of people who bounce viruses is fine.
Er, yeah. Good point.
>
> | Yeah, this is just the UCEPROTECT folks being muppets. I'm with Nigel;
> | they're best ignored.
>
> The classic DNSBL argument! Assuming they a
Andrew - Supernews wrote:
>> "Ian" == Ian Eiloart <[EMAIL PROTECTED]> writes:
>
> Ian> 3. People using sender verification callouts. They seem to think
> Ian> it's as bad as sending email,
>
> Because ultimately it is.
>
> Ian> but my sender verification callouts don't fill mailboxes or
> "Ian" == Ian Eiloart <[EMAIL PROTECTED]> writes:
Ian> 3. People using sender verification callouts. They seem to think
Ian> it's as bad as sending email,
Because ultimately it is.
Ian> but my sender verification callouts don't fill mailboxes or
Ian> server queues. And, they do stop lot
Peter Bowyer wrote:
>
> Correction: As long as UCEPROTECT's policies are published and adhered
> to, then the muppets are the people who blindly use their DNSBLs to
> block. I could publish a DNSBL which lists all odd-numbered IPs if I
> wanted to - only a fool would use that to refuse email.
>
On 17/10/06, Marc Perkel <[EMAIL PROTECTED]> wrote:
>
>
> Chris Edwards wrote:
> > On Tue, 17 Oct 2006, David Woodhouse wrote:
> >
> >
> > | Yeah, this is just the UCEPROTECT folks being muppets. I'm with Nigel;
> > | they're best ignored.
> >
> > The classic DNSBL argument! Assuming they are mupp
On Tue, Oct 17, 2006 at 12:01:36PM -0700, Marc Perkel wrote:
> Chris Edwards wrote:
> > On Tue, 17 Oct 2006, David Woodhouse wrote:
[...]
> > | Yeah, this is just the UCEPROTECT folks being muppets. I'm with Nigel;
> > | they're best ignored.
> >
> > The classic DNSBL argument! Assuming they a
Chris Edwards wrote:
> On Tue, 17 Oct 2006, David Woodhouse wrote:
>
>
> | Yeah, this is just the UCEPROTECT folks being muppets. I'm with Nigel;
> | they're best ignored.
>
> The classic DNSBL argument! Assuming they are muppets, they will
> ultimately be ignored, with few mail admins using th
Chris Edwards wrote:
> On Tue, 17 Oct 2006, David Woodhouse wrote:
>
> | On Tue, 2006-10-17 at 16:09 +0100, Ian Eiloart wrote:
> | > 1. People who bounce viruses with warning messages (actually, that's
> fine).
> |
> | It's not fine to _bounce_ them -- they should be rejected. Generating
> | bo
Hello,
On Tue, 17 Oct 2006, Chris Edwards wrote:
> The classic DNSBL argument! Assuming they are muppets, they will
> ultimately be ignored, with few mail admins using them to block. If
> however enough mail admins are using them to block as to cause pain to
> those listed, then one might at le
On Tue, 17 Oct 2006, David Woodhouse wrote:
| On Tue, 2006-10-17 at 16:09 +0100, Ian Eiloart wrote:
| > 1. People who bounce viruses with warning messages (actually, that's fine).
|
| It's not fine to _bounce_ them -- they should be rejected. Generating
| bounces in responses to viruses is bad.
On Tue, 2006-10-17 at 16:09 +0100, Ian Eiloart wrote:
> 1. People who bounce viruses with warning messages (actually, that's fine).
It's not fine to _bounce_ them -- they should be rejected. Generating
bounces in responses to viruses is bad.
> 2. People who use SRS. I'd like to use it for local p
nt: Tuesday, October 17, 2006 4:09 PM
Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
>
>
> --On 17 October 2006 16:42:50 +0200 Zbigniew Szalbot
> <[EMAIL PROTECTED]> wrote:
>
>> Hi,
>>
>> On Tue, 17 Oct 2006, UCEPROTECT-Network Blacklistmas
It looks like all the evidence is that UCEPROTECT are another bunch
of wannbe
RBL cowboys. Personally I intend to just ignore them.
Nigel.
--
[ Nigel Metheringham [EMAIL PROTECTED] ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
--
## List details
--On 17 October 2006 16:42:50 +0200 Zbigniew Szalbot
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> On Tue, 17 Oct 2006, UCEPROTECT-Network Blacklistmaster of the day wrote:
>
>> As we explained on our website, we consider callouts abusive, because
>> they can make your system part of an ddos against oth
Eric wrote:
> David Saez Padros wrote:
>
>> In fact any callout that you receive is another bounce that you avoid
>> receiving, so if you ever faced that situation you will really prefer
>> callouts than bounces.
>>
>>
>
> Personally I'd prefer that more mail admins learn to reject mail
Hi,
On Tue, 17 Oct 2006, UCEPROTECT-Network Blacklistmaster of the day wrote:
> As we explained on our website, we consider callouts abusive, because they
> can make your system part of an ddos against others.
That's in theory but I have my system setup in such a way that I do not
use callouts.
1 - 100 of 106 matches
Mail list logo
