-----Original Message----- From: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg- admin@ripe.net] On Behalf Of Frank Gadegast Sent: Monday, August 09, 2010 3:00 PM To: Brian Nisbet Cc: anti-abuse-wg@ripe.net
removing networks from RIPEs databased will also remove all reverse mapping and nameserver entries, right ?
No mailserver, that is configured to fight only a bit against spam accepts mail from IPs without a working reverse mapping.
So, if RIPE ever wants to punish network abusers, thats an easy way of doing it ...
I agree that this may be a somewhat effective approach.
However, I doubt that most mail exchanges are configured in such a categorical manner. I apologise for not having any hard data to present, but my experience is that missing or dysfunctional reverse mappings often are used to increase spam scores (such as in SpamAssassin) rather
Thor Kottelin wrote: than to reject mail outright.
Thats right ... The default setting for most MTAs these days is to complain about mails from servers without any reverse mapping and to complain in a different manner about a not matching reverse mapping (at least sendmail, postfix, qmail and Exchange CAN do this). Most anti spam solutions surely raise the score, if there is no reverse mapping or if the reverse mapping does not match the hostname or HELO command. My personal experience is, that most provider do not accept email from servers without a reverse mapping but accept email from servers with a not matching reverse mapping and use this for further spam scoring. Some even put mailserver without a working reverse mapping on their blacklists ... So: its up to the server administrator to configure the final solution and thats perfect, everybody can decide what to do. A totally missing reverse mapping will surely help the receiver a lot and harm the spammer ... And removing route object will surely help even more. Most transit provider and exchange points usually generate their BGP filters from whois records and match them against customers known ASes and peering partner ASes (when accepting routes) daily. No route objects means no peering, no routing and no announcement. And transit provider or exchange points that are not working this way, have a serious security problem anyway ... All this is technically easy, the only thing missing is a discussion, who decides, what objects need to be remove and why. Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de -- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de