[anti-spam-wg@localhost] Re: New kind of spam attack? How to defend?
- Date: Thu, 07 Nov 2002 11:28:59 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 06/11/2002 14:53 +0100, Gunnar Lindberg wrote:
[Paul Wouters]
> > I know I can get rid of the double bounces by accepting the
> > messages and silently dropping them, but that still means
> > thousands of nonsense messages travel from the outside to the
> > fallback MX to the best MX.
> ... I also ended up in relay-blocking large quantities of the
> IP space in advance, e.g.
>
> 61.0.0.0/8
> 200.0.0.0/8
> ...
> and numerous /16 and /24. Effectively this takes away all the
> good in having a backup MX host, so by now we've given up and
> have a single MX host without backup for each (sub)domain, with
> a few exceptions.
> Sad, but impossible to keep on.
This may be right.
To implement a service you have to do more than conform with the
RFCs. Always true, and now becoming obvious.
A backup mail route has to have the same security provisions as
the main route. It has to implement the same network blocks and
filter rules, and it has to be aware of the local addresses it is
supporting (so that it can reject things rather than passing them).
In most circumstances this means that the cost of an off-site
alternative MX for legitimate mail is more than the benefit.
BCP guides should make this point (do we need to write another?).
That's the real cost of UBE.
Rodney Tillotson, JANET-CERT
+44 1235 822 255.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBPcpOdMxy/J7PAuvpEQKJHQCdFgKNC7vtltdW5W/U6ad961BqBRkAoNiG
qL3BjBU6hm19kdktUfWb0pZ1
=aElq
-----END PGP SIGNATURE-----
