--On Thursday, 11 December, 2008 16:36 -0800 Douglas Otis
wrote:
>
> On Dec 11, 2008, at 1:51 PM, John C Klensin wrote:
>>
>> As soon as one starts talking about a registry of
>> "legitimate" sources, one opens up the question of how
>...
> Perhaps I should not have used the word legitimate
On Dec 11, 2008, at 1:51 PM, John C Klensin wrote:
As soon as one starts talking about a registry of "legitimate"
sources, one opens up the question of how "legitimate" is
determined. I can think of a whole range of possibilities -- you,
the ITU Secretary-General, anyone who claims to ha
--On Thursday, 11 December, 2008 10:24 -0800 Douglas Otis
wrote:
>...
> Rather than depending upon knowing the location of specific
> abusive sources, the Internet needs a registry of legitimate
> sources which includes contacts and IP address ranges. Such a
> list should reduce the scale of t
On Dec 9, 2008, at 2:42 PM, Keith Moore wrote:
when the reputation is based on something (like an address or
address block) that isn't sufficiently fine-grained to reliably
distinguish spam from ham, as compared to a site filter which has
access to more criteria and can use the larger set
Paul Hoffman wrote:
> At 11:57 AM -0500 12/10/08, Theodore Tso wrote:
>> The point I was trying to make is that there seems to be an inherent
>> assumption by some people, perhaps because the people who make these
>> assumptions run large mail servers, that the problem with someone who
>> is wrongl
Hi -
> From: "Dave CROCKER" <[EMAIL PROTECTED]>
> To: "Theodore Tso" <[EMAIL PROTECTED]>
> Cc:
> Sent: Wednesday, December 10, 2008 10:23 AM
> Subject: Re: How I deal with (false positive) IP-address blacklists...
...
> Really: If there is
At 11:57 AM -0500 12/10/08, Theodore Tso wrote:
>The point I was trying to make is that there seems to be an inherent
>assumption by some people, perhaps because the people who make these
>assumptions run large mail servers, that the problem with someone who
>is wrongly blocked rests solely with th
Theodore Tso wrote:
On Tue, Dec 09, 2008 at 11:23:10AM -0800, Dave CROCKER wrote:
Perhaps you can clarify the purpose of your note. How should it be
incorporated into the IETF's deliberations?
The point I was trying to make is that there seems to be an inherent
assumption by some people, pe
On Tue, Dec 09, 2008 at 11:23:10AM -0800, Dave CROCKER wrote:
> Evidently you believe that the anecdote you posted proves something, but
> I am not sure what.
>
> Some others have suggested that it proves something which, I strongly
> suspect, is not what you had in mind.
>
> Perhaps you can clar
On Tue, Dec 09, 2008 at 02:03:51AM -0500, Theodore Tso wrote:
> Well, it blocked a legitimate e-mail message, so by definition the
> rejection was false positive.
That's incorrect. Determining whether the rejection was a false positive
or true positive is the sole prerogative of the recipient,
(While Dave's response to this is exactly correct - notihng in my original
note had anything to do with sacrificing small scale setups - our failure
to discuss these matters sensibly has some very important implications for
small operators that deserve further comment.)
> [EMAIL PROTECTED] wrote:
> Schemes that attempt to assess the desirability of the email
> to the recipient have been tried - personal whitelists,
> personal Bayesian filters, etc. etc. In practice they haven't
> worked all that well, perhaps due to the average user's
> inability to capably and consistently perform such
[EMAIL PROTECTED] wrote:
>
> Like it or not, sample size reallly does matter. But if you really do prefer
> individual anecdotal evidence, I'll point out that in practically every bogus
> blocking incident I've seen of late, the fault lies not with an operation like
> Spamhaus, but with some local
Ned Freed wrote:
>> Granted that it's always dangerous to extrapolate from a small sample.
>
>> But is anybody's experience valid, then?
>
>> From my perspective, the guys who run these large email systems
>> generally seem to believe that they have to do whatever they're doing,
>
> Keith, with
> [EMAIL PROTECTED] wrote:
> > You're completely missing the point. This issue isn't knowing how to build a
> > large scale email system and I never said it was. Rather, the issue is
> > whether
> > or not people's opinions about the effectiveness of various antispam
> > mechanisms
> > are valid
Tony,
Please re-read what Ned wrote. It was about evidence based on extensive
experience, as opposed to evidence based on far less experience.
His note had nothing to do with "sacrificing" smaller operators. It had to do
with smaller operators who are more likely to have much less expertise
[EMAIL PROTECTED] wrote:
> ...
> Maybe it's just me, but I'll take the evidence presented by someone
> who has access to the operational statistics for a mail system
> that services 10s of millions of end users and handles thousands of
> outsourced email setups over someone like myself who runs
[EMAIL PROTECTED] wrote:
But I also believe that it should
be possible to encapsulate the neccessary security features into
an Internet email architecture so that people can set up an email
server for a small organization in an afternoon, and it will pretty
much run on its own. The fact that
[EMAIL PROTECTED] wrote:
> You're completely missing the point. This issue isn't knowing how to build a
> large scale email system and I never said it was. Rather, the issue is whether
> or not people's opinions about the effectiveness of various antispam
> mechanisms
> are valid when all they ha
> > Why should
> > it not be as simple to set up an IETF standard email system for a
> > small organization as it was 10 years ago?
>
>
> If you go back far enough, New York City was small and
> friendly. Not much required to build a satisfactory home there.
>
> Things have changed. No
> Maybe it's just me, but I'll take the evidence presented by
> someone who has access to the operational statistics for a
> mail system that services 10s of millions of end users and
> handles thousands of outsourced email setups over someone
> like myself who runs a tiny little setup any da
[EMAIL PROTECTED] wrote:
Why should
it not be as simple to set up an IETF standard email
system for a small organization as it was 10 years ago?
If you go back far enough, New York City was small and friendly. Not much
required to build a satisfactory home there.
Things have change
There is one thing I could proof when counting the emails going
through the mailer I am responsible for.
When we started blocking emails from dynamic addresses we
reduced spam by 50%.
The gurus would not believe but I could show thenm, when we
blocked all but the dynamic addresses we could reduce
> > Second, the fact that 10 years ago you set up sendmail for
> > the computer club at your college doesn't make you an expert
> > on modern large scale email systemms administration. The
> > operational concerns for large-scale email setups today are
> > very different from thost that would have
> Second, the fact that 10 years ago you set up sendmail for
> the computer club at your college doesn't make you an expert
> on modern large scale email systemms administration. The
> operational concerns for large-scale email setups today are
> very different from thost that would have applie
Theodore Tso wrote:
This doesn't work for most people, but I had fun composing this
response, and coming just a few weeks after people claiming that
IP-based blacklists work well, and rarely result in false positives, I
felt I just had to share. :-)
Ted,
Evidently you believe that the ane
> At 1:18 AM -0500 12/9/08, Theodore Tso wrote:
> >This doesn't work for most people, but I had fun composing this
> >response, and coming just a few weeks after people claiming that
> >IP-based blacklists work well, and rarely result in false positives, I
> >felt I just had to share. :-)
> I do
At 1:18 AM -0500 12/9/08, Theodore Tso wrote:
>This doesn't work for most people, but I had fun composing this
>response, and coming just a few weeks after people claiming that
>IP-based blacklists work well, and rarely result in false positives, I
>felt I just had to share. :-)
I don't understa
At 23:58 08-12-2008, Theodore Tso wrote:
Well, the intended recipient, is a Linux Kernel Developer. He posted
a message on the Linux Kernel Mailing List, about Linux Kernel
Developement. I responded, on-topic, with a message that had no
advertising material, soliticted, or unsolicited. I think
On Tue, Dec 09, 2008 at 06:24:11PM +1100, Mark Andrews wrote:
>
> > Well, it blocked a legitimate e-mail message, so by definition the
> > rejection was false positive. I've also checked a number of DNSBL's,
> > and no one else seems to have black-listed my IP address, except these
> > jokers.
>
In message <[EMAIL PROTECTED]>, Theodore Tso writes:
> On Tue, Dec 09, 2008 at 05:49:02PM +1100, Mark Andrews wrote:
> >
> > They didn't say why they had blacklisted that IP so there
> > is no way to determine if it was a false positive or not.
> > That also make the request to phone
On Tue, Dec 09, 2008 at 05:49:02PM +1100, Mark Andrews wrote:
>
> They didn't say why they had blacklisted that IP so there
> is no way to determine if it was a false positive or not.
> That also make the request to phone if the listing was in
> error pretty hard to determi
In message <[EMAIL PROTECTED]>, Theodore Tso writes:
>
> This doesn't work for most people, but I had fun composing this
> response, and coming just a few weeks after people claiming that
> IP-based blacklists work well, and rarely result in false positives, I
> felt I just had to share. :-)
>
This doesn't work for most people, but I had fun composing this
response, and coming just a few weeks after people claiming that
IP-based blacklists work well, and rarely result in false positives, I
felt I just had to share. :-)
- Ted
--- Begin Me
34 matches
Mail list logo
