IP address reputation, BorderWare

[Rick Chadderdon]

Res wrote:
> On Thu, 29 Mar 2007, Rick Chadderdon wrote:
>
>> I'll live with it, but it's rude behavior.  And if a technological 
>> method
>
> No, its only rude to you because you disagree with it, you wouldnt 
> even know its happening if you werent a log hogger (no offence)
>
> (loghogger: one who feels the need to read every single entry in their 
> log files)

See, this is odd to me.  I'm used to many younger people having no idea 
of what manners are - what rudeness is.  But I have gotten the 
impression from your posts that you're around my age.  A rude behavior 
is rude whether the individual to whom it is directed takes it that way 
or not.  Do you think there needs to be some consensus before something 
is declared "rude"?  How many people need to think something is rude 
before it actually *is* rude?  Is is a percentage of a population?  
Please, enlighten me.

Your lack of concern - and your rudeness - in this regard even lead you 
to make ill thought out assumptions which I *know* you're smart enough 
to avoid if you actually cared about the issue.  I am not a "log 
hogger".  I peruse my logs on a regular basis to look for trouble signs, 
but I don't "read every single entry" in those files unless there is a 
problem I need to track down which *requires* more meticulous 
attention.  On those occasions, if my job is hampered by someone's 
extraneous log lines, it is cumbersome to say the least.


>> I'd prefer to see sender verification as a part of the SMTP 
>> protocol.  If it
>
> Thats not possible for sanity reasons, eg: hosting customers, sending 
> from their home account, using their domain email as sender, the 
> current connection to the remove MTA wont work, because best chances 
> the senders MTA is not the same as their hosting providor.

Mmmm...  Oh, I see what you're saying.  No, I meant that the SMTP 
transaction would be modified to be a three-way, probablythree-party 
handshake.  I think you can figure out what I mean.  If not, let's 
please continue the discussion off-list.  Regardless, nearly all of the 
reasons that people reject perfectly functional fixes - most of which 
would help dramatically reduce the spam problem - is because they are 
not backwards compatible with someone's way of doing things.  Guess 
what?  The existing system is *horribly broken* in regards to spam 
control.  Any working solution is going to have to change the way things 
are done.

Sender verification is doomed to uselessness, anyway, if it ever gets 
any momentum and actually gets adopted by enough people.  The anti-OCR 
images that are now being sent are a direct response to FuzzyOCR and 
other such techniques.  If spam gets hard to deliver because of SAV, 
spam software will have built in address verification.  A run against 
your mailing list, and then you fill in the "to: and "from:" fields for 
your spam run only from verified addresses.  And we're back to making 
*no* difference with our verification checks.  Except for the increased 
use of resources.


>> in their email, that a few users streaming audio and video can 
>> actually have a negative impact.  But, as they say, "I can do it at 
>> home with just my one
>
> then theres something seriously wrong with their network

Well, I know how spoiled you are with your multi-gig network, but trust 
me, there's nothing wrong with a network that see negative effects from 
people using all (or most) of the available bandwidth.  I guess where 
you are there's no such thing as a broadband video or audio stream, and 
I'm sure that you just find some painful way to eliminate users who 
abuse your kindness.  Or maybe your network is just *so* darned fast 
that you'd never notice.  Please.  I haven't attacked your competence, 
just your ethics.  I'd appreciate it if you didn't attack mine.  (And if 
we're going to get personal, off-list is definitely the place to go.)


>> Just so I know which it is...  Do you honestly not see the difference 
>> between affecting a third party and affecting one who is directly 
>> dealing with you, or do you simply not care?  I know we don't agree, 
>> but I'd kind of like to know whether it's because you're missing my 
>> point - or you don't think the difference is relevant.
>
> I do see your point, you dont like someone asking you if john.smith 
> lives there before they let them in, you expect them to take on good 
> faith that john.smith lives there.

Okay, rather than assume sarcasm, I'll accept that you don't see my 
point.  I'll leave it here, then, since I don't know how to state it any 
more clearly.  If you are even the slightest bit curious, or want me to 
try harder, email me, but I won't do it here.


>> While I'm not sure that I've been clear enough for everyone to 
>> understand the moral flaws I'm pointing out, I do think I've made 
>> them as clear as I can
>
> your morals, remember, I think youve made it real clear to this list 
> you despise SV, however I doubt you are going to change anyones mind, 
> because like you, they are looking out for *number one* (themselves) 
> and will take whatever actions they deem appropriate to protect 
> themselves, and so we all should, since nobody else is going to.

*Not* like me.  I *won't* take every possible action possible to protect 
myself.  I won't affect an innocent third-party to ensure my own safety, 
for example.  I recognize that most people will do whatever they think 
is best, but I do believe that the knowledge that there are those who 
won't like their actions will cause some people to at least reflect 
before they act.

Rick