Taken along with a few select country blocklists (I use China, Taiwan, Hong Kong, Korea, Brazil, and Argentina), you can go from a flood to a trickle in no time. China is a Very Special Case -- they're completely filtered at the borders now. If they ever clean up their act, they may get to pass packets again, but I'm not holding my breath. In the meantime, they can enjoy their shrinking view of the Internet.
At what point does it make sense to start editing Verisign.com out of the internet?
Funny you should mention. If you choose to null-route AS7342, that's your business. :-) Or you could just choose not to accept whatever type of traffic you prefer from these ranges:
I already added them to my "cart00ney threats -- permanent refusal" list for mail and Web traffic.
So long, Verisign. You lost my domain-registration business long ago because of your spamming and your disinterest in doing actual user support; now you've lost everything else, too. And my company probably won't be spending the bucks on that code-signing certificate next year, either. We can just use OpenSSL and build our own CA, then install it in Windows as a trusted CA. There's another $800 you lost, and we can learn something useful in the process. Perfectly fine for our needs.
it doesn't matter if email is considered public communication by law. it has become that anyway through critical mass. by setting the public's expectations, AOL and other ISPs have accepted the responsibility of meeting those expectations.
If you give away coffee for a year on a street corner, you're not obligated to continue to do so forever, no matter who expects you to do so. Most ISPs have disclaimers in their contracts stating that they provide no warranties at all regarding their service, unless you're a business customer (and therefore paying more for what you hope is a more reliable class of service). But even then, you may not get any guarantees regarding what's available once your packets cross the border routers.
his analogy is also correct because he was comparing effects. the effect of blocking email is the same as blocking phone service in that it interrupts communication. he was also correct in comparing telemarketing calls to spam. both are mass untargeted marketing, just use different modes.
The analogy is a straw man. The phone company is obligated to carry any traffic (phone calls), without regard to content or location, except in very narrow circumstances. There's no such restriction on any ISP that I know of in the US, even the ones run by the RBOCs. See?
You're right about the private server part, but you're wrong about the bounds. The E-mail servers are bound by the internet RFCs, and AOL has been casually (and flagrantly) violating those for years now.
Let me find all the non-compliant SMTP engines on the Internet and give them all a name. I name them "crap." Every server that accepts mail at the SMTP level and bounces it later is non-RFC-compliant. Every server that bounces mail incorrectly (From: instead of Return-Path:) is non-RFC-compliant. Most Notes and Exchange servers aren't fully RFC-compliant, for one reason or another.
The way to deal with AOL, if people really want to deliver them a dope-slap, is to start refusing inbound mail from AOL addresses for being non-compliant. ISP "X" can't force AOL to accept their traffic, but the reverse is also true.
I used to be with Verizon, but got fed up with not being able to send E-mails as myself, so now I'm with a different DSL ISP. However, when I was with Verizon, I couldn't send any E-mails to AOL customers-- even with Verizon's asinine restrictions, from their own SMTP server!
That's weird. I'm with Verizon, and I've never had any trouble at all sending to anywhere by smarthosting through Verizon's SMTP AUTH servers. Might have been in the old days, when their authenticated and unauthenticated servers were intermixed in the same IP blocks. But now the open relay farm is shut down, and things seem to be stable.
Road Runner's "detailed" instructions are useless if you happen to be on what they consider a "residential" IP address block. Doesn't matter if your address is dynamic or static. Doesn't matter if the customer they're "protecting" really wants to hear from you. Doesn't matter if your machine is clean and secure and you've never spammed or relayed a spam in your life. Doesn't matter if you prefer not to use your ISP's outbound relay because it drops half your mail and delays the other half for a day. You can't send them mail. Period.
If your provider's outgoing servers suck that badly, you can always make arrangements with someone else for outgoing smarthosting of your mail. It may cost a little money, but think of it as paying for the privilege of running your own mail server.
Email is critical infrastructure. It's a public communication medium just like telephone lines are.
No. It is not.
Email as it exists today is based on the cooperation of thousands of private servers, owned by private entities. Those entities aren't bound by "common carrier" status like the phone company; they have every right to decide what they do or don't want to carry on their systems.
That informal cooperation between server operators is what makes email as reliable as it is today. But without a specific contractual obligation between (e.g.) AOL and Earthlink, there's no requirement for either to carry the other's traffic. The rule of thumb has been that they do so as a courtesy, but it's still done at the discretion of the owner of the network.
If you don't like that, come up with something better. Maybe a way to guarantee delivery, against a stiff penalty for sending spam, over a separate SMTP network of trusted hosts with formal SLAs. Or get the Postal Service to run an e-mail service with guaranteed delivery, for a fee.
How would you like it if all Bell South customers couldn't call you because your regional Baby Bell didn't like dealing with all the telemarketing coming in from Atlanta?
Telephone companies are regulated common carriers that aren't allowed to reject traffic in the way you suggest, so your analogy doesn't hold.
Re:Hrm, isn't that John Gilmore's ISP? on As the Spam Turns · Score: 1
Actually, you've hit a major irony, because Verio refuses to continue selling John Gilmore internet access.
Gilmore wouldn't stop running his mail server as an open relay. He was warned repeatedly that his actions were in violation of Verio's AUP, and he flat-out refused to change things, even though there were other options to let his friends use his precious host from elsewhere without leaving the door wide open for any spammer to abuse it. As a result, every toad.com host I find goes onto my personal DNSBL forever. I don't have the time or energy needed to deal with machines wilfully configured to be insecure.
Verio already has a full DNSBL zone entry locked and loaded at blackholes.us. If and when they file their cartooneygram, it goes right into my sendmail configuration. So long forever, Verio; you can join Harris and all the others in the Eternal Bit Bucket.
You can make it even simpler. Don't accept mail from likely abuse sources, from dynamic IP addresses, or from known abusers. Those three blocklists get rid of an enormous amount of my spam.
I'll bet I'm not the only one who feels that way.
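The DNSBL filtering described in the comments above, combined with the point that a refusal belongs inside the SMTP session rather than in a later bounce, can be sketched as follows. This is an added example, not code from any poster; the zone names, sample addresses and the resolver table are constructed so it runs offline.

```python
import ipaddress

# Hypothetical DNSBL zones standing in for the three kinds of list the
# comment names (likely abuse sources, dynamic ranges, known abusers).
ZONES = ("abuse.dnsbl.example", "dynamic.dnsbl.example", "known.dnsbl.example")

# Constructed zone data: query name -> A record. A real deployment would
# ask DNS; this table keeps the example offline.
SAMPLE_RECORDS = {
    "7.113.0.203.dynamic.dnsbl.example": "127.0.0.2",
    "9.100.51.198.known.dnsbl.example": "127.0.0.2",
}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def sample_resolver(name):
    """Return the A record for name, or None for NXDOMAIN (not listed)."""
    return SAMPLE_RECORDS.get(name)

def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def listed_in(client_ip, zones=ZONES, resolver=sample_resolver):
    """Return the zones that list client_ip.

    Only answers inside 127.0.0.0/8 count as a listing, so a zone that
    has lapsed and resolves every name to a parking address is ignored.
    """
    hits = []
    for zone in zones:
        answer = resolver(dnsbl_query_name(client_ip, zone))
        if answer and ipaddress.ip_address(answer) in LISTED_NET:
            hits.append(zone)
    return hits

def connect_decision(client_ip, **kw):
    """Decide at connect time, so a refusal is a 5xx reply inside the SMTP
    session instead of an accepted message that is bounced later."""
    hits = listed_in(client_ip, **kw)
    if hits:
        return 554, "5.7.1 %s listed in %s" % (client_ip, ", ".join(hits))
    return 220, "ready"
```
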