Date: Thu, 11 Jan 2001 18:01:46 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: dmaddox@sc.rr.com
Cc: mckay@thehub.com.au (Stephen McKay), freebsd-chat@FreeBSD.ORG
Subject: Re: No cable modems??
Message-ID: <200101111801.LAA19860@usr08.primenet.com>
In-Reply-To: <20001220003436.A345@cae88-102-101.sc.rr.com> from "Donald J . Maddox" at Dec 20, 2000 12:34:36 AM

Delayed, but I didn't see anything tying this up, so...

> > Removing them from the set of systems that can send you mail reduces the
> > amount of spam you receive.
>
> I hope this doesn't spread.  I have an ADSL connection and I send mail
> directly from my mailserver.  I don't want to send my mailing list server
> output through my ISP.  Nor should I.  Part of the idea of handling my
> own mail was both the independence and the learning experience.

The alternative is that you have an X.509 certificate signed by a
recognized authority, vetting that you are not a SPAM "provider".
Nobody seems to want to go to this, though, even though it is a 100%
reliable solution which would make it a requirement that you can't
send SPAM twice from a domain name without "burning" it.

The problem with cable modems is that they do not assign static IP
addresses (at least for the network under discussion). This is "good"
if you are a cable provider who wants to charge a differential rate
for clients vs. servers, since servers have to be at a known location,
and this effectively means a static IP address.

Many DSL providers are doing the same thing. The cable companies do
it because they think the cable is for pushing content at you, and
the DSL providers do it because they think you should pay metered
rates on commodity bandwidth, so that their margins don't get eroded.

Practically, though, IPv4 means that static IP addresses are a finite,
and an increasingly scarce, resource.

In normal operation, when a connection comes into a mail server, it
will do a getpeername() to get the IP address of the connecting
machine. Then it will do a gethostbyaddr() using this information.
Then it will use the returned data from that to do a separate
gethostbyname(), which should return the IP address.

IP addresses are delegated by the "in-addr.arpa." sub-root; names are
delegated by the "." root. By having two different authorities, this
means that, if you are a SPAMmer, you will have to "burn" your IP
address (make it known that the IP address is that of a known SPAMmer)
if you send SPAM. This costs you money, in that the IP address will
get placed in the RBL (or even the netblock, if you buy one), and you
will be effectively "diked out" of the Internet, as far as email is
concerned.

It also means that, even if you can fake one of them, you can't fake
both of them: you have to hold a delegation from "in-addr.arpa." for
your IP address, and you have to hold a delegation from "." for your
domain name, or the crosscheck will fail, and your email will be
rejected.

This is a good thing: it means that it costs you real money to send
SPAM, just like it costs those of us who pay to store or download it.

Typically, you are then required to relay through a mail server which
somehow verifies you as a customer; this is now increasingly done with
SMTP AUTH, but the majority of systems do this by correlating your
network authentication which gets you the dynamic IP address
assignment with the mail server's list of "allowed email relay hosts".

For a traditional dialup ISP, this is generally accomplished by the
ISP owning the POP (Point of Presence) you dial into, and then using
the RADIUS accounting records to validate that you are one of their
customers (the network authentication is used as an email source host
validation).

The upshot of this is that, if you send SPAM, and your ISP won't shut
down your account, then the rest of the Internet can put pressure on
your ISP by not letting _ANY_ of your ISP's customers, even the
legitimate ones, send email, until the SPAM sender is cut off so that
they can't send any more SPAM.

The whole idea is to build economic disincentives into the sending of
SPAM, and to build in a feedback loop which will result in enforcement
of a prohibition against SPAM.

This is actually a good idea, since the only enforcible laws are the
laws of physics. Making something illegal through legislation has
never stopped it, but if it becomes a violation of "that's the way the
universe works", then it can't happen.

We can only hope that this _DOES_ spread. Until it is 100% ubiquitous,
the economic disincentives will not be universal (just as spanking a
kid for misbehaving only occasionally will never teach the kid that
there are consequences to behaviour: don't act universally, and you
are just randomly abusing your child).

This still leaves unethical companies which can sucker a student or
other user into "burning" their ability to get an email account in the
future by sending SPAM on behalf of the company, and it still leaves
those stupid enough to buy bulk email services at a sufficient markup
that it outweighs the disincentives (which outweigh by far the value
of the "service"), but that can be fixed, in time.

So your choices are:

1)	Don't send mail
2)	Relay through a properly configured relay server (apparently,
	the one in question has been misconfigured to not use its
	external DNS canonical host name)
3)	Get a static IP address, so you can send mail directly

NB: Most of this is covered in considerably more detail at sites
like www.cauce.org...

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
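
The getpeername() / gethostbyaddr() / gethostbyname() cross-check described in the message above, as an added example that is not part of the original post. The resolver callbacks, the result codes and the sample zone data are constructed stand-ins for the libc calls so that it runs offline, and addresses are assumed to be canonical dotted-quad strings.

```c
#include <stdio.h>
#include <string.h>

/* Callbacks stand in for gethostbyaddr()/gethostbyname() (example assumption). */
typedef const char *(*ptr_fn)(const char *ip);        /* IP -> name, or NULL */
typedef int (*addr_fn)(const char *name, const char **out, int max); /* name -> IPs */

enum fcrdns { FCRDNS_OK, FCRDNS_NO_PTR, FCRDNS_NO_FORWARD, FCRDNS_MISMATCH };

/* peer_ip: the address getpeername() reported for the accepted socket. */
enum fcrdns fcrdns_check(const char *peer_ip, ptr_fn rev, addr_fn fwd)
{
    const char *addrs[8];
    const char *name = rev(peer_ip);     /* reverse step: "in-addr.arpa." side */
    int n, i;

    if (name == NULL || *name == '\0')
        return FCRDNS_NO_PTR;            /* no reverse delegation at all */
    n = fwd(name, addrs, 8);             /* forward step: "." side */
    if (n <= 0)
        return FCRDNS_NO_FORWARD;        /* PTR names a host that does not resolve */
    for (i = 0; i < n; i++)              /* a name may carry several addresses */
        if (strcmp(addrs[i], peer_ip) == 0)
            return FCRDNS_OK;
    return FCRDNS_MISMATCH;              /* name's owner does not confirm this IP */
}

/* Constructed sample data using documentation address ranges. */
static const char *demo_rev(const char *ip)
{
    if (strcmp(ip, "192.0.2.10") == 0) return "mail.example.org";
    if (strcmp(ip, "198.51.100.7") == 0) return "mail.example.org"; /* faked PTR */
    if (strcmp(ip, "192.0.2.99") == 0) return "gone.example.org";
    return NULL;                         /* e.g. pool address with no PTR */
}

static int demo_fwd(const char *name, const char **out, int max)
{
    if (strcmp(name, "mail.example.org") != 0 || max < 2)
        return 0;
    out[0] = "192.0.2.25"; out[1] = "192.0.2.10";
    return 2;
}

int main(void)
{
    const char *peers[] = { "192.0.2.10", "198.51.100.7", "192.0.2.99", "203.0.113.5" };
    for (int i = 0; i < 4; i++)
        printf("%s -> %d\n", peers[i], fcrdns_check(peers[i], demo_rev, demo_fwd));
    return 0;
}
```

The second peer is the case the message calls faking one side only: its reverse record claims mail.example.org, but the forward lookup for that name does not list the connecting address, so the check reports a mismatch.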