[PLUG] Improving anti UCE testing in postfix...

Ed Sawicki plug at alcpress.com
Fri Sep 10 18:59:02 UTC 2004


Darkhorse wrote:

>On Fri, 2004-09-10 at 15:53, Ed Sawicki wrote:
>
>>Paul Johnson wrote:
>>
>>>Ed Sawicki <plug at alcpress.com> writes:
>>>
>>>>I think it's foolish to use these lists to block mail. The sites
>>>>on these lists violate the RFCs for a good reason (to them).
>>>
>>>And it's more or less foolish to violate the RFCs to start with...
>>>
>>>>It would be similar to someone maintaining a black list
>>>>of all sites that _require_ MX records when the ancient RFCs
>>>>state that A records should be used.
>>>
>>>Not comparable.  It's reasonable to expect someone to comply with the
>>>RFCs, but not have MX records when the MX and A would point to the
>>>same host.
>>
>>It is absolutely comparable. In both cases, the RFCs are being violated.
>>Should we blacklist any site that violates any of the RFCs? It seems like
>>you're saying yes, we should.
>>
>>If so, we may as well blacklist all sites running Windows. Windows
>>violates a number of RFCs.
>>
>>>>Next we'll have black lists for "top posters", people who ask
>>>>for help before doing exhaustive Googling, and Republicans.
>>>
>>>Keep the Republican Persecution Complex to yourself.  Your party is
>>>destroying a perfectly good superpower.
>>
>>It was humor.
>>
>>_______________________________________________
>>PLUG mailing list
>>PLUG at lists.pdxlinux.org
>>http://lists.pdxlinux.org/mailman/listinfo/plug
>
>Is this really a google issue?  I thought it was more 
>of a common practice issue.  I wasn't interested in
>political commentary.
>
Call it satire or sarcasm. I was trying to make a point but I
clearly failed.

>What guidelines are there if
>the RFCs are the guidelines and they aren't followed?
>
The RFCs - unless I read your question incorrectly.

Look, the issue is whether we should punish Internet sites for
not following RFCs to the letter. The majority of sites that are
in the rfc-ignorant list are there because they're deliberately trying
to protect their site or they're trying to make it more difficult for
the bad guys - not because they're ignorant of the RFCs.

Perhaps a simpler analogy is in order. There are RFCs that describe
the operation of the ICMP protocol. One of the functions of ICMP
is to echo packets. Most of us have done this with ping programs.

If I choose to block ICMP ping packets at my firewall because there
have been attacks that exploited ICMP, am I violating an RFC?
A strict interpretation says yes. Do I deserve to be placed on a
black list because I'm trying to protect my site?

Another related example: Windows computers, by default, don't
respond to broadcast pings. You may interpret this as violating at
least one of the RFCs, but we should all be happy that Microsoft
designed Windows that way.

Ed



