[Dshield] Need some help testing
Abuse
abuse at what4now.com
Tue Jul 10 06:15:18 GMT 2007
** Reply to message from "Tomas L. Byrnes" <tomb at byrneit.net> on Sun, 8 Jul
2007 20:20:20 -0700
> Are you saying that blocking SMTP traffic from "Dynamic" IP addresses is
> a best practice? If so, based on direct personal experience, I disagree
> vehemently.
Since most spam comes from "Dynamic" IP addresses I think it is "best practice".
> While, in theory, no-one should have a truly dynamic IP
> address as an MX or SMTP peer, the extant lists of what constitutes
> "Dynamic" address space are, in my direct experience and NSHO, wildly
> inaccurate.
It may be inaccurate in your definition but some ISPs list their "non-business"
connections as dynamic even if it really is a static IP. My ISP has stated
that it is going to put all non-business IPs on the dynamic block list some
time in the future.
> As such, since there is no way, in the current Internet, to
> really know if an IP is static or dynamic, blocking "Dynamic" IP
> addresses exacerbates the "Scorched Earth" problem of traditional RBLs,
> for a limited net gain in SPAM filtering.
Static or dynamic, if it is from a non-business IP it should be considered
dynamic. It stops a lot of spam.
<snip>
> So, in summary, I think the underlying premise of your proposed method:
> that whether an IP address is dynamically assigned or not, and that that
> dynamic assignment has entropy (meaning it isn't effectively persistent
> for the length of the subscriber's subscription), is easily discernible
> from the PTR records, is demonstrably false for a large percentage of
> the IPV4 space, and that filtering on that basis is an effective denial
> of service.
I think calling it a denial of service is a bit much. The fix to prevent any
problems sending email from a "dynamic IP" is trivial.