Unless you like playing whack-a-mole, you need a smarter hammer, not a
bigger one.
Email peering *IS* a smarter hammer. If all the cluefull email
administrators would set up peering agreements with each other
and exchange contact information, there would be fewer of these
situations. Part of the
On Mon, 08 Dec 2003 10:16:49 GMT, [EMAIL PROTECTED] said:
Email peering *IS* a smarter hammer. If all the cluefull email
administrators would set up peering agreements with each other
and exchange contact information, there would be fewer of these
situations.
There's a lot more people doing
Part of the problem is that there are no agreed rules of engagement
for email abuse issues. By setting up email peering agreements in
advance, we could put those rules of engagement in place and we
could ensure that our email peers have the *RIGHT* contact
information.
Agreed. One of the
[EMAIL PROTECTED] writes on 12/8/2003 5:16 AM:
Anyone for a joint NANOG/CAUCE meeting? http://www.cauce.org
Over at APRICOT, CAUCE Asia Pacific (apcauce) is holding an antispam
tutorial and conference track, which will also double as an apcauce meeting.
APCAUCE (http://www.apcauce.org) holds
On Mon, 8 Dec 2003 [EMAIL PROTECTED] wrote:
Unless you like playing whack-a-mole, you need a smarter hammer, not a
bigger one.
Email peering *IS* a smarter hammer. If all the cluefull email
administrators would set up peering agreements with each other
and exchange contact information,
james writes on 12/5/2003 11:09 PM:
I was not aware one can fake everything in the mail headers, including
the sending mail server.
1. HELO forged in the first header where the connecting IP hands off to
your MX
2. All other headers below that can be, and are, heavily forged.
--
srs
So, I got an e-mail back from RR after I posted here.
They claim to have no specific record of why we were blocked, so they
removed it. They said it was probably DOS or a Mailbomb, both of which we
would have squelched IMMEDIATELY.
Frankly, I think that its pretty poor practice to block someone
Tom (UnitedLayer) wrote:
Frankly, I think that its pretty poor practice to block someone and not
tell them, especially when contact information is clearly available
everywhere. We've got e-mail, various phones, and INOC-DBA, so its not
that hard to get ahold of us :)
When you're introducing
: When you're introducing thousands of IP blocks per day, it's pretty hard
: to notify them all.
I may be reaching here but I think perl scripting can do this.
James Edwards
Routing and Security
[EMAIL PROTECTED]
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through
Tom (UnitedLayer) wrote:
So, I got an e-mail back from RR after I posted here.
They claim to have no specific record of why we were blocked, so they
removed it. They said it was probably DOS or a Mailbomb, both of which we
would have squelched IMMEDIATELY.
Frankly, I think that its
On Fri, 5 Dec 2003, Laurence F. Sheldon, Jr. wrote:
A reasonable reaction to protect own-turf is to plug up holes as
you identify the local end of it and wait to see if anybody cares
about it after the fire-fight.
So block a /30, not a /24
The likelyhood of being able to contact anybody
On Fri, 05 Dec 2003 14:30:57 MST, james [EMAIL PROTECTED] said:
: When you're introducing thousands of IP blocks per day, it's pretty hard
: to notify them all.
I may be reaching here but I think perl scripting can do this.
Yes, a perl script can send thousands of warning e-mails to bogus
james wrote:
: When you're introducing thousands of IP blocks per day, it's pretty hard
: to notify them all.
I may be reaching here but I think perl scripting can do this.
I wish. I've been experimenting with doing exactly that for years.
Problems:
- WHOIS data is often incomplete,
: I may be reaching here but I think perl scripting can do this.
:
: I wish. I've been experimenting with doing exactly that for years.
That is what I ment by reaching, it was not intended to be a smart a** comment.
How about mailing to abuse/postmaster@domain ? I realize that the
On Fri, 5 Dec 2003, james wrote:
To me the important thing is at least trying to notify.
So the clueless miss out. Tuff. Those of us that care would like to know
there is a problem, so we can solve it.
Thank you James, thats my point exactly :)
The people who care or have a clue will have
james wrote:
: I may be reaching here but I think perl scripting can do this.
:
: I wish. I've been experimenting with doing exactly that for years.
That is what I ment by reaching, it was not intended to be a smart a** comment.
How about mailing to abuse/postmaster@domain ? I realize
I think part of the problem is not only to notify but provide information
for techs at another ISP to know what kind of problem they have (and if
you block them, they may not be able to reach you to even ask).
I would remind that this thread started from Tom telling us that roadrunner
did not
[EMAIL PROTECTED] writes on 12/5/2003 7:24 PM:
did not even record whey thy blocked him. Not only should they have recorded
it but perhaps had a location where Tom could find that:
1. He's being blocked
2. Why he is being blocked with particular example of abuse that caused it
3. How long
On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote:
Everything else was forged, spoofed, or unintelligble.
I was probably not filtering off traffic from you (for any value of
you), I was filtering off stuff with your IP address in it.
I was not aware one can fake everything in
On 5 Dec 2003, james wrote:
On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote:
Everything else was forged, spoofed, or unintelligble.
I was probably not filtering off traffic from you (for any value of
you), I was filtering off stuff with your IP address in it.
I was
On Fri, 2003-12-05 at 21:20, just me wrote:
On 5 Dec 2003, james wrote:
On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote:
Everything else was forged, spoofed, or unintelligble.
I was probably not filtering off traffic from you (for any value of
you), I was
james wrote:
On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote:
Everything else was forged, spoofed, or unintelligble.
I was probably not filtering off traffic from you (for any value of
you), I was filtering off stuff with your IP address in it.
I was not aware one can
I need to speak with someone at RR about blocking issues.
Apparently they've decided to block mail from Apache.org and some of our
other customers without any notice to UL.
I've followed their instructions and e-mailed the listed addresses,
I've waited quite a while (over 24 hours) and have yet
23 matches
Mail list logo
