[Operators] server reputation

Jesse Thompson jesse.thompson at doit.wisc.edu
Fri Apr 18 15:29:10 CDT 2008


Luke -Jr wrote:
> On Friday 18 April 2008, Jesse Thompson wrote:
>> Luke -Jr wrote:
>>> On Friday 18 April 2008, Jesse Thompson wrote:
>>>> In the email world, public whitelists aren't all that popular.
>>>> Blacklists are.  A server is in effect whitelisted if it isn't on any
>>>> blacklist.  I would suggest blacklisting as a first step.
>>> I would argue that the DULs are public whitelists since they "list" a
>>> large majority of active IP addresses indiscriminately, and are
>>> unfortunately quite popular.
>> "DUL" as in Dynamic Host List?  With some exceptions, it fairly safe to
>> block non-authenticated email (and XMPP s2s as an extension) from
>> dynamic hosts. 
> 
> Maybe if you love to block legitimate emails/IMs.
> Most "dynamic" hosts are fairly static.

The end-users are on dynamic networks of course, but you only care about 
the last hop when you are blacklisting/whitelisting s2s.

But you're probably right.  I don't really know how many legitimate 
email/im messages would be blocked if I started blocking email/im from 
any email/im server that is hosted on a dynamic network.  My feeling is 
that there are very few legitimate email/im services that don't have 
static IPs for their MX/s2s traffic.

Out of curiosity, what percentage of XMPP servers have non-static IPs?


>> I'm not sure why that makes it a whitelist. 
> 
> A "static IP" is just an IP that appears on your ISP's "list of static IPs". 
> They are not always really static (the subnet may be, but within that subnet, 
> they are often DHCP'd randomly), nor are unlisted IPs often really dynamic.
> Basically, the distinction between a "static" and "non-static" IP is that 
> companies pay to get IP(s) put on a list. A DUL "blacklist" is just an 
> inversion of that whitelist.

Which is why I said "A server is in effect whitelisted if it isn't on 
any blacklist."  The set of blacklists that an XMPP administrator choses 
to query is optional.

Jesse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/operators/attachments/20080418/9da8ec16/attachment.bin 


More information about the Operators mailing list