Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

To: Emile van Bergen <emile-debisp@evbergen.xs4all.nl>
Cc: "debian-isp@lists.debian.org" <debian-isp@lists.debian.org>
Subject: Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]
From: Craig Sanders <cas@taz.net.au>
Date: Thu, 9 May 2002 08:48:03 +1000
Message-id: <[🔎] 20020508224803.GE31487@taz.net.au>
In-reply-to: <[🔎] Pine.LNX.4.44L1.0205082230380.23954-100000@linuxevb.evbergen.xs4all.nl>
References: <[🔎] 20020507225810.GR3185@taz.net.au> <[🔎] Pine.LNX.4.44L1.0205082230380.23954-100000@linuxevb.evbergen.xs4all.nl>

On Wed, May 08, 2002 at 10:56:12PM +0200, Emile van Bergen wrote:
> > what has size got to do with it?
> 
> Because the distinction between a customer and an ISP is not clear.
> [...]

that was a tautology.  it only matters if you think size is relevant.

it doesn't matter in the slightest whether an ISP's customer is another
ISP or not.

> > ISPs are responsible for spam sent by their customers, regardless of
> > the size of the ISP (or the size of the customer for that matter).
> 
> Qwest is an ISP. Is it responsible for mail sent from their ISP
> customers?

yes.  absolutely.  without exception.  they are responsible for all mail
sent by their customers.

> Perhaps they should be. Then, would you say, if a large percentage of
> their customer ISPs are spamha?ser (plural for spamhaus), should we
> start blocking all mail from Qwest?

yes.  if a significant amount of spam is coming out of qwest and they
are doing little or nothing to stop it then they should be black-listed.

this is the ONLY thing that will get any large ISP to give a damn about
the spam problem caused by their customers.  if it doesn't affect them
and their non-spammer customers they will just wash their hands of it
and say "not my problem".  not good enough.  it IS their problem and if
they won't do something about it then they must pay the price in losing
their ability to send email to a significant percentage of the internet.  

only then will they see it as *THEIR* problem and get off their arses
and do something about it.

> At which percentage? How can we measure that? Using spam messages vs.
> total output perhaps? That sounds remarkably like what Spamcop's
> doing.  So which criteria would *you* choose? You seem avoiding that
> question.

at no percentage.  it's about quantity of spam received versus their
willingness and/or ability to do something about their spammer customers
- as judged by competent people with several years experience in
anti-spam activities.

this comes back to the crucial difference between spamcop's BL and
cluefully operated RBLs:

you're willing to trust your mail server's blacklist data to complaints
sent in by morons who wouldn't recognise a forgery if it came up and bit
them on the arse, and can't tell the difference between spam and a legit
mailing list that they're too stupid to remember how to unsubscribe from
even though the list unsub instructions are at the bottom of every
message.

i prefer to trust my peers - competent people who have years of
experience in sussing out and dealing with spammers and their tricks.

technological decisions and judgements should be made by those who are
competent to make them, not by democratic processes or by giving equal
weight to the opinions of experts and the ignorant/stupid.

> > > Following this reasoning, would you want to force an ISP that only
> > > has a single connection also to deliver all their mail through
> > > that upstream ISP's MTAs, purely for accountability purposes?
> >
> > what the hell are you talking about?
> 
> See above. The question is: do you advocate to enforce the
> responsibility for the larger ISPs over the smaller ones and their
> (respective) customers by forcing mail though upstream MTAs, which can
> be blocked in one fell swoop in order to teach them responsibility?

stop conflating two entirely separate issues.

dynamic IP address present a completely different problem to either open
relays or spam sources.  it requires different approaches to solving the
problem.

on a more general note, if an ISP finds that ANY customer is spamming or
an open relay then they should deal with it appropriately.  this
generally involves an escalating series of actions, from advising the
customer of the problem to assisting them in fixing it to blocking their
access if required and finally to terminating their account if all else
fails.  that's for ANY customer, regardless of size, regardless of
whether they are another ISP or not.

> Because that's the idea I got from you encouraging ISPs to use RBLs
> and/or blocking outgoing SMTP, to force their customers to use their
> ISPs MTAs.

yes, for dynamic IP address customers.

also for static IP customers who have repeatedly demonstrated that they
are too clueless to operate a mail server securely.  i have a few
customers like this and it's far easier (for them and for me) to just
block port 25 for them and require all their mail (in and out) to be
relayed via our mail servers.  we're effectively providing an smtp
firewall and proxy service for them.  

this is one of the many things that an ISP should be willing to do in
order to prevent their customers from becoming a spam problem.

btw, the customers appreciate the service - but we'd do it even if they
were opposed to it.  we're not putting our mail at risk for the sake of
any customer.  they MUST secure their mail server or we will secure it
for them.  if they don't like it, they can leave and end up getting
another ISP blacklisted.

> Hence my question. Apparently you see a big and fundamental difference
> between an ISP, who would be allowed to do direct to MX SMTP, and a
> customer, who would not be allowed to do direct to MX SMTP. 

no, stop putting bullshit words in my mouth.

i see a fundamental difference between dynamic IP address and static IP
addresses.

> If it's not size that makes the difference between an ISP and a
> customer, is it whether you're connected to one or more upstream ISPs?
> Is it whether you resell any access? What?

none of the above.

it's static vs dynamic ip address.

> > are you being genuinely stupid or is this a deliberate attempt to put
> > straw-man words in my mouth?
> 
> Just continue assuming I'm stupid. That's fine with me, if that helps.

you're doing a damn good job of proving that you are stupid.

> > most ISPs don't run on dynamic IP addresses.  while there are some
> > very ignorant ISPs around, very few are stupid enough to even think
> > of running a mail server ona dynamic IP address.
> >
> > i don't see any need to make special exemptions for ISPs who are
> > stupid enough to run on dynamic IPs.
> 
> Of course not. But now I understand. You were basically assuming that
> everyone agrees that
> 
> 1. ISP is equivalent to static IPs, and
> 2. Customer is equivalent to dynamic IP.

stop putting words in my mouth.  especially stop putting cretinous words
in my mouth.

craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

-- 
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]
  - From: "Jason Lim" <maillist@jasonlim.com>

References:
- Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]
  - From: Craig Sanders <cas@taz.net.au>
- Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]
  - From: Emile van Bergen <emile-debisp@evbergen.xs4all.nl>

Prev by Date: Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]
Next by Date: war dialing
Previous by thread: Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]
Next by thread: Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]
Index(es):
- Date
- Thread