IP address reputation, BorderWare
Chris Yuzik
itdept at fractalweb.com
Mon Mar 26 23:28:15 CEST 2007
Rick Chadderdon wrote:
> I think I've made it clear that it's not the volume of usage that
> bothers me (although there have been days where I've gotten more
> connections from a SAV flood than I did legitimate delivery attempts).
> It's the thoughtless, selfishly justified actions of people who think
> it's ok to hammer my server because it saves them bandwidth. Kevin's
> "community Internet" theory aside, there is no tangible benefit to
> *anyone* other than the user of SAV, and he's using the resources of
> others to attain that benefit. Anyone sophisticated enough to
> configure SAV also already has their system configured *not* to send
> NDRs after the SMTP transaction. I hope. In any case, it's not the
> amount of resources being consumed that bothers me - it's the fact
> that they're being used at all in a way that only *arguably* benefits
> me, without my consent, and that even with the awareness that there
> are people (even if it's only me, and I guarantee that it's not) who
> would prefer that you didn't do it to them, you'll do it anyway.
Rick,

I've been thinking about this issue at length, and agree that it is a
complex one.

<soapbox>
After much analysis, I consider responding to incoming SAV lookups on
our end to simply be part of the deal with hosting a domain, much as is
responding to DNS queries about the domain, subdomains, etc. As host to
a domain, I believe it is my server's responsibility to answer queries
regarding SAV, in an effort to defend a domain name's reputation
including that of the company behind the domain name.
</soapbox>

Let's pretend, for example, that I host the domain for some well-known
brand, let's say "Pepsi.com" (I don't, of course, but I do have a can of
it on my desk at the moment :-). Some bozo decides to joe-job a fake
address, or multiple fake addresses that all end in @pepsi.com. In the
process, the bozo is tarnishing the good name of the company behind the
real domain. Anyone that gets spam into their mailbox from addresses at
Pepsi may very well get annoyed and frustrated and may make alternate
beverage choices next time they're at the convenience store shopping for
some pop. If SAV didn't exist, or was somehow actively prevented from
working by the server hosting pepsi.com, then more of the joe-jobbed
spam is going to end up in users' inboxes and that damages the
reputation of the company getting joe-jobbed, Pepsi in this example.

So why then is verifying a sender a bad thing? I've gone to all sorts of
trouble to try to prevent the bozos from using our domain, and have SPF
configured (with "-all"), but it still happens. At least once or twice a
week, some idiot sends spam from fake addresses at our domains (we see a
few spams...er...copies from people's "Barracuda Spam Firewall" with the
messages attached). If the recipient of the spam did SAV, then they
wouldn't accept the spam into their server and users' inboxes, and our
company's reputation would not be tarnished.

If your server gets spam allegedly from my domain, please, by all means,
do whatever you can to ensure that the mail really did originate from us
before letting it into your users' inboxes, including SAV.

Chris :-)