On Wed, 2 Aug 2006, Tom Ray wrote: > > have registered that does not have working (i.e. read-by-a-human) > > postmaster@ and abuse@ aliases? > > Being that I am a domain registrar (small but still) how will I > know if they have a working postmaster or abuse alias?
Easy. Send them an email and see if they respond. Make it clear in the service agreement that they (hopefully) read before registering a domain that this is a requirement. > And even if they did a quick filter setup at the server level will > have those mails /dev/null'd in no time. Check back periodically. Note to them that if you get complaints about non-working aliases you will block the domain until they *do* work. > This isn't a feasible idea for one reason and one reason only, > Network Solutions. They'll find some way to re-route that domain > to their own use. I agree it isn't a perfect solution given that some registrar somewhere won't enforce it. After all, there are "spam-friendly" registrars these days. Which suggests another idea: is there a SURBL for domains registered with Known Evil registrars? And it's also extra work for an already low-margin operation. > >> 5) Require ISP's to channel their customer's email through their own > >> mail servers (which will have some impact upon SPF tracking as well) > >> and not allow any non-business customers, nor any dynamic customers > >> (business or commercial), to directly connect to other mail servers. > > > > Totalitarian regimes will *love* that one. ISPs will hate it. > > Hate to break the news to you but many ISPs are already not > allowing their users to connect via port 25 outside their > networks. Comcast has done it, as have a few others already. I run > into this a lot because I'm also a hosting company and offer SMTP > Auth but many customers have issues because they can't connect to > port 25 on my mail server. Do you support SMTP-via-SSL (ssmtp, 465/tcp)? Do the ISPs also block that port? In modern clients setting that up is just checking a checkbox. > I also totally agree with this practice, if they are going to be > on the hook for something their users did then they need to keep a > watchful eye on their customers. Hrm. Then why do so many disclaim responsibility when they are told about known bot-controlled customer systems actively attacking others? > ISPs don't hate this considering that many ISPs now do hosting, > it's a way for them to get their customers to bring the hosting > over to them also. I was thinking more about the ISP being reluctant to buy more servers to handle the increased email volume, but upon more thought I realize that this isn't likely to be an issue for several reasons. I'm also somewhat leery about having ISPs filter *any* traffic, apart from MS Networking; the potential for abuse is great. I was just throwing out ideas. What I would *like* to see is ISPs adopt a default filtering stance that blocks outbound SMTP, 1025-1029/udp, MS Networking and MSSQL, which would cover the vast majority of inbound crap my systems automatically discard, and have a "register your account as clueful" policy (at no extra charge!) that removes that filtering for your IP when you connect. The Great Unwashed need handholding, but that shouldn't cripple those who know how to administer their systems properly. But I realize this is a dream. -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Look at the people at the top of both efforts. Linus Torvalds is a university graduate with a CS degree. Bill Gates is a university dropout who bragged about dumpster-diving and using other peoples' garbage code as the basis for his code. Maybe that has something to do with the difference in quality/security between Linux and Windows. -- anytwofiveelevenis on Y! SCOX -----------------------------------------------------------------------