[Operators] server reputation
Jesse Thompson
jesse.thompson at doit.wisc.edu
Fri Apr 18 15:29:10 CDT 2008
Luke -Jr wrote:
> On Friday 18 April 2008, Jesse Thompson wrote:
>> Luke -Jr wrote:
>>> On Friday 18 April 2008, Jesse Thompson wrote:
>>>> In the email world, public whitelists aren't all that popular.
>>>> Blacklists are. A server is in effect whitelisted if it isn't on any
>>>> blacklist. I would suggest blacklisting as a first step.
>>> I would argue that the DULs are public whitelists since they "list" a
>>> large majority of active IP addresses indiscriminately, and are
>>> unfortunately quite popular.
>> "DUL" as in Dynamic Host List? With some exceptions, it fairly safe to
>> block non-authenticated email (and XMPP s2s as an extension) from
>> dynamic hosts.
>
> Maybe if you love to block legitimate emails/IMs.
> Most "dynamic" hosts are fairly static.
The end-users are on dynamic networks of course, but you only care about
the last hop when you are blacklisting/whitelisting s2s.
But you're probably right. I don't really know how many legitimate
email/im messages would be blocked if I started blocking email/im from
any email/im server that is hosted on a dynamic network. My feeling is
that there are very few legitimate email/im services that don't have
static IPs for their MX/s2s traffic.
Out of curiosity, what percentage of XMPP servers have non-static IPs?
>> I'm not sure why that makes it a whitelist.
>
> A "static IP" is just an IP that appears on your ISP's "list of static IPs".
> They are not always really static (the subnet may be, but within that subnet,
> they are often DHCP'd randomly), nor are unlisted IPs often really dynamic.
> Basically, the distinction between a "static" and "non-static" IP is that
> companies pay to get IP(s) put on a list. A DUL "blacklist" is just an
> inversion of that whitelist.
Which is why I said "A server is in effect whitelisted if it isn't on
any blacklist." The set of blacklists that an XMPP administrator choses
to query is optional.
Jesse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/operators/attachments/20080418/9da8ec16/attachment.bin
More information about the Operators
mailing list